a738fca0a8581975866a6126016f67535aadaaea0105e0d0908d34d0254a2339

Analysis

max time kernel
91s
max time network
124s
platform
windows10-2004_x64
resource
win10v2004-20240709-en
resource tags

arch:x64arch:x86image:win10v2004-20240709-enlocale:en-usos:windows10-2004-x64system
submitted
10-07-2024 04:38

Target

$0/questbasic.dll
Size

868KB
MD5

8e64880cfbd8d04c238469e9424aafc0
SHA1

714833a88fb17ee6eb4e00ea6a8956b3cc21ef85
SHA256

5f40208e990c8084ba9bf030f8ef4db9916602574853188e7e3bd3ab6f8ae0c4
SHA512

ca0380460c723655039937cc0be205d58ce0c516cfd3cc362f773927d5d278515cefb087ca242e632738dc95e78f3037a42259b424be35f5203b6749f91ed933
SSDEEP

12288:g57a7vT9ZmmejH9T2w7JCqAvOKI4lcZ/RVz7+mQo77Zq5mLPo30sl8NsL:VvT9EdTQrOKI/d+mQSqqLslu

Score

1^/10

Suspicious use of WriteProcessMemory 3 IoCs

description	pid	Process	procid_target
PID 1492 wrote to memory of 4012	1492	rundll32.exe	81
PID 1492 wrote to memory of 4012	1492	rundll32.exe	81
PID 1492 wrote to memory of 4012	1492	rundll32.exe	81

C:\Windows\system32\rundll32.exe
rundll32.exe C:\Users\Admin\AppData\Local\Temp\$0\questbasic.dll,#1
1⤵
- Suspicious use of WriteProcessMemory
PID:1492
- C:\Windows\SysWOW64\rundll32.exe
  rundll32.exe C:\Users\Admin\AppData\Local\Temp\$0\questbasic.dll,#1
  2⤵
  PID:4012

memory/4012-1-0x0000000002AF0000-0x0000000002BC1000-memory.dmp

Filesize
836KB

Download