d81fdcc0520f1f01645e978ae21fcd7e01887044249d7ee1d0e018a6832320a5

Analysis

max time kernel
149s
max time network
154s
platform
windows10-2004_x64
resource
win10v2004-20240709-en
resource tags

arch:x64arch:x86image:win10v2004-20240709-enlocale:en-usos:windows10-2004-x64system
submitted
09-07-2024 19:00

Target

oledlg.dll
Size

112KB
MD5

4da7121c98c3fe4355c8a115d2675958
SHA1

32c61c8fcb5e99e4ddd83c59db70d87a0f2ae6b4
SHA256

e2e7dde0318246d112da1827b575c7c0e55b4aa7578cdf80485fc8ff4648b122
SHA512

922767ecc659f3ab67b550ff42c13a8397b83690a5eb785e1ac1443fef9fc3c65929d22b80e66cad56852fdb936a0dc2c7a119ef7151e6161bd8eaee3ff9ada1
SSDEEP

1536:WjgDdzMm8Q3RbtTp0CmrhZuukXyGvN+aJE0iVdBhSf8Lqzn4Ck/T+tPqQ:VRM1Q3RZTyCmrhZMyEN+ulZf8LqziT5

Score

1^/10

Suspicious use of WriteProcessMemory 3 IoCs

description	pid	Process	procid_target
PID 4224 wrote to memory of 3676	4224	rundll32.exe	82
PID 4224 wrote to memory of 3676	4224	rundll32.exe	82
PID 4224 wrote to memory of 3676	4224	rundll32.exe	82

C:\Windows\system32\rundll32.exe
rundll32.exe C:\Users\Admin\AppData\Local\Temp\oledlg.dll,#1
1⤵
- Suspicious use of WriteProcessMemory
PID:4224
- C:\Windows\SysWOW64\rundll32.exe
  rundll32.exe C:\Users\Admin\AppData\Local\Temp\oledlg.dll,#1
  2⤵
  PID:3676

memory/3676-0-0x0000000000F20000-0x0000000000F3F000-memory.dmp

Filesize
124KB

Download