d94387dc9f8d8a1a54bcefbf4d7c33395f484e1e056d86b5dc441184f730687f

Analysis

max time kernel
149s
max time network
150s
platform
windows10-2004_x64
resource
win10v2004-20240508-en
resource tags

arch:x64arch:x86image:win10v2004-20240508-enlocale:en-usos:windows10-2004-x64system
submitted
31-05-2024 03:42

Target

d94387dc9f8d8a1a54bcefbf4d7c33395f484e1e056d86b5dc441184f730687f.dll
Size

332KB
MD5

18033654597412ba971693c780f25978
SHA1

b525c0e5b9ca9d9dbfb6d67133771906e0849690
SHA256

d94387dc9f8d8a1a54bcefbf4d7c33395f484e1e056d86b5dc441184f730687f
SHA512

a171c26b5d3415f5b77ac62777d8bd85aaeb35be14a01f2d5e73c1f92b9b39826342a60d05a5c97db51031f7c8b2427c665ea7917ef6bdcff4de18bafed22ae1
SSDEEP

6144:L7CWCM5ya7Bbnr9L+8TeaMxQBNKqZrM7DmsVuAXyI5:X4M8Ybx+8TeawI5dMfFX

Score

1^/10

Suspicious use of WriteProcessMemory 3 IoCs

description	pid	Process	procid_target
PID 960 wrote to memory of 4500	960	rundll32.exe	82
PID 960 wrote to memory of 4500	960	rundll32.exe	82
PID 960 wrote to memory of 4500	960	rundll32.exe	82

C:\Windows\system32\rundll32.exe
rundll32.exe C:\Users\Admin\AppData\Local\Temp\d94387dc9f8d8a1a54bcefbf4d7c33395f484e1e056d86b5dc441184f730687f.dll,#1
1⤵
- Suspicious use of WriteProcessMemory
PID:960
- C:\Windows\SysWOW64\rundll32.exe
  rundll32.exe C:\Users\Admin\AppData\Local\Temp\d94387dc9f8d8a1a54bcefbf4d7c33395f484e1e056d86b5dc441184f730687f.dll,#1
  2⤵
  PID:4500

memory/4500-0-0x0000000010000000-0x0000000010062000-memory.dmp

Filesize
392KB

Download