199879ac19872d6b0ff820d8f502062f0efea37867b937dc04580cf170b8228d

Analysis

max time kernel
117s
max time network
152s
platform
windows10-2004_x64
resource
win10v2004-20240704-en
resource tags

arch:x64arch:x86image:win10v2004-20240704-enlocale:en-usos:windows10-2004-x64system
submitted
16-07-2024 06:54

Target

JIGUtility_V2.0.8.0_20230112/ASUSR_ParsingRecord/ASUSR_ParsingRecord/encryptlog.dll
Size

8KB
MD5

247428532adad99033a09269e22ae413
SHA1

260bbc18ed9eb0c3d3cb8fd0b6a04f4e020de55e
SHA256

02fc1b602e832f2448c061a8d2496180ff7dc63979c111056155a2b75d3e4122
SHA512

5bb9380b22c050c7591bc9dc578fb2c6ea72bf601022c7ccb55dda9a55f3899a7370c2c67f66092851c711ad1346976c36ab7d54bd484b54fda0d7d01cc6fef8
SSDEEP

192:jWJLsEbrSYSWDXOXGKiMQ03X73s4Fm74:GLsEbnxXO0Mdr3HT

Score

1^/10

Suspicious use of WriteProcessMemory 3 IoCs

Processes:

rundll32.exe

description	pid	Process	procid_target
PID 4880 wrote to memory of 4816	4880	rundll32.exe	84
PID 4880 wrote to memory of 4816	4880	rundll32.exe	84
PID 4880 wrote to memory of 4816	4880	rundll32.exe	84

C:\Windows\system32\rundll32.exe
rundll32.exe C:\Users\Admin\AppData\Local\Temp\JIGUtility_V2.0.8.0_20230112\ASUSR_ParsingRecord\ASUSR_ParsingRecord\encryptlog.dll,#1
1⤵
- Suspicious use of WriteProcessMemory
PID:4880
- C:\Windows\SysWOW64\rundll32.exe
  rundll32.exe C:\Users\Admin\AppData\Local\Temp\JIGUtility_V2.0.8.0_20230112\ASUSR_ParsingRecord\ASUSR_ParsingRecord\encryptlog.dll,#1
  2⤵
  PID:4816