18fb20ed7ff9283ccc1bc57009a2b386120b62a3160c3a29e71224a7985814a9

Analysis

max time kernel
93s
max time network
94s
platform
windows10-2004_x64
resource
win10v2004-20240508-en
resource tags

arch:x64arch:x86image:win10v2004-20240508-enlocale:en-usos:windows10-2004-x64system
submitted
27-06-2024 19:58

Target

$WINDIR/system32/tmrllozg.dll
Size

183KB
MD5

440dd855fbe2c10aa8fa70f09cb208ec
SHA1

5499a0ee810cc7d4deeb48b7b394c3bfb3f935fd
SHA256

4e354cd5d03c9cec1754ad60748fe35369b8fa50d870e28026835f84b8143a09
SHA512

41a6ac3d2bf2f6d29a05a92aa20a25b4f80182c06ecab506931c477b06fc0b41f5cc3c9cc5a3e3c3204449fb31116f26d2678844d0933383272645dd9b817d7f
SSDEEP

3072:zflWIEwdj3sFFRG5T3fW8B+iiKOXg5ux9UPrJlT+M2/KoMa6zWt+Fvf/zInSLZSc:ZYNG5TPLB+IOX+w9UDr+HfEWU/zZz

Score

1^/10

Suspicious use of WriteProcessMemory 3 IoCs

description	pid	Process	procid_target
PID 376 wrote to memory of 100	376	rundll32.exe	81
PID 376 wrote to memory of 100	376	rundll32.exe	81
PID 376 wrote to memory of 100	376	rundll32.exe	81

C:\Windows\system32\rundll32.exe
rundll32.exe C:\Users\Admin\AppData\Local\Temp\$WINDIR\system32\tmrllozg.dll,#1
1⤵
- Suspicious use of WriteProcessMemory
PID:376
- C:\Windows\SysWOW64\rundll32.exe
  rundll32.exe C:\Users\Admin\AppData\Local\Temp\$WINDIR\system32\tmrllozg.dll,#1
  2⤵
  PID:100

memory/100-0-0x0000000002E00000-0x0000000002E2E000-memory.dmp

Filesize
184KB

Download
memory/100-3-0x0000000002E00000-0x0000000002E2E000-memory.dmp

Filesize
184KB

Download
memory/100-1-0x00000000015B0000-0x00000000015DE000-memory.dmp

Filesize
184KB

Download
memory/100-4-0x0000000002E00000-0x0000000002E2E000-memory.dmp

Filesize
184KB

Download
memory/100-2-0x00000000015E0000-0x0000000001612000-memory.dmp

Filesize
200KB

Download