998adfb9be452c3bd21f0addb61e5c38a585c5cf1f91f0f6a0c3b4ff5fec1868

Analysis

max time kernel
91s
max time network
149s
platform
windows10-2004_x64
resource
win10v2004-20240704-en
resource tags

arch:x64arch:x86image:win10v2004-20240704-enlocale:en-usos:windows10-2004-x64system
submitted
09/07/2024, 02:28

Target

998adfb9be452c3bd21f0addb61e5c38a585c5cf1f91f0f6a0c3b4ff5fec1868.dll
Size

384KB
MD5

1ea605e7a6d4e665e21ce945b8dd2589
SHA1

78647b0d81d7183cb45395fd81cb46170a7a9e01
SHA256

998adfb9be452c3bd21f0addb61e5c38a585c5cf1f91f0f6a0c3b4ff5fec1868
SHA512

570b708e28ae6448a564c2f5abe4d0301adddd2194060868a89ed1ec3991b32f688e57cbff30640ea5ef8d5ddecc87ff581fa3b868abfc797443f95f13ee2701
SSDEEP

6144:v3WJCfn9Hleya1fqPhmb7SeJSMNqm8Ae6MA5RsYtni30YGdlAOcl7TKeSihpaAG:U01lM1iPh8+e0MNqxGMAftiOdly7TKvh

Score

1^/10

Suspicious use of WriteProcessMemory 3 IoCs

description	pid	Process	procid_target
PID 1528 wrote to memory of 3412	1528	rundll32.exe	82
PID 1528 wrote to memory of 3412	1528	rundll32.exe	82
PID 1528 wrote to memory of 3412	1528	rundll32.exe	82

C:\Windows\system32\rundll32.exe
rundll32.exe C:\Users\Admin\AppData\Local\Temp\998adfb9be452c3bd21f0addb61e5c38a585c5cf1f91f0f6a0c3b4ff5fec1868.dll,#1
1⤵
- Suspicious use of WriteProcessMemory
PID:1528
- C:\Windows\SysWOW64\rundll32.exe
  rundll32.exe C:\Users\Admin\AppData\Local\Temp\998adfb9be452c3bd21f0addb61e5c38a585c5cf1f91f0f6a0c3b4ff5fec1868.dll,#1
  2⤵
  PID:3412

memory/3412-0-0x0000000074FB4000-0x0000000074FD7000-memory.dmp

Filesize
140KB

Download