abdf45d83432fa9a3d925c083c09e5ab3ef8d32c145d13eb842590407d44ef0e

Analysis

max time kernel
93s
max time network
94s
platform
windows10-2004_x64
resource
win10v2004-20240709-en
resource tags

arch:x64arch:x86image:win10v2004-20240709-enlocale:en-usos:windows10-2004-x64system
submitted
12/07/2024, 03:08

Target

abdf45d83432fa9a3d925c083c09e5ab3ef8d32c145d13eb842590407d44ef0e.dll
Size

6.6MB
MD5

85ad6d548c703a3f0c193f66371f7d82
SHA1

d219538099835d77689655711aac2893df6d9d09
SHA256

abdf45d83432fa9a3d925c083c09e5ab3ef8d32c145d13eb842590407d44ef0e
SHA512

3de79da8ab6606255854397c02f422569040563a25addddd884792d796e724559dd468126272db31e5a8cadc8e2c92bafd3c012d8dc6673479b2edc2131ab5bb
SSDEEP

98304:cnd/HIVedrSo0lTyFKIo3ZP1nX4R912BUZgiPQCnW2MjwqgK8xSYGbm:cd/HmYrYlTyVox016jwKOSa

Score

1^/10

Suspicious use of WriteProcessMemory 3 IoCs

description	pid	Process	procid_target
PID 3404 wrote to memory of 1272	3404	rundll32.exe	83
PID 3404 wrote to memory of 1272	3404	rundll32.exe	83
PID 3404 wrote to memory of 1272	3404	rundll32.exe	83

C:\Windows\system32\rundll32.exe
rundll32.exe C:\Users\Admin\AppData\Local\Temp\abdf45d83432fa9a3d925c083c09e5ab3ef8d32c145d13eb842590407d44ef0e.dll,#1
1⤵
- Suspicious use of WriteProcessMemory
PID:3404
- C:\Windows\SysWOW64\rundll32.exe
  rundll32.exe C:\Users\Admin\AppData\Local\Temp\abdf45d83432fa9a3d925c083c09e5ab3ef8d32c145d13eb842590407d44ef0e.dll,#1
  2⤵
  PID:1272

memory/1272-0-0x00000000029E0000-0x0000000003012000-memory.dmp

Filesize
6.2MB

Download
memory/1272-8-0x0000000002250000-0x0000000002293000-memory.dmp

Filesize
268KB

Download
memory/1272-17-0x0000000002250000-0x0000000002293000-memory.dmp

Filesize
268KB

Download
memory/1272-16-0x00000000029E0000-0x0000000003012000-memory.dmp

Filesize
6.2MB

Download