815c40ce37b67b84ad68dff69b9d05a4856953d7d6c5c7c124ff3f714efeae04

Analysis

max time kernel
101s
max time network
103s
platform
windows10-2004_x64
resource
win10v2004-20240709-en
resource tags

arch:x64arch:x86image:win10v2004-20240709-enlocale:en-usos:windows10-2004-x64system
submitted
19-07-2024 06:49

Target

815c40ce37b67b84ad68dff69b9d05a4856953d7d6c5c7c124ff3f714efeae04.dll
Size

663KB
MD5

8363e265a2f79666f9bfca8ef23c453c
SHA1

5ebacb20f62fae0dd610d874583d13fac5024309
SHA256

815c40ce37b67b84ad68dff69b9d05a4856953d7d6c5c7c124ff3f714efeae04
SHA512

dac6dca71fb522b81e408f19e1a09a304af87a0df5e03836800d3377863ff3a1b132e96f811897320f39d0bfbde28f8850897a77517d387fc3f4491a19d151e8
SSDEEP

12288:Fm7UnRfVgZK5uH5yYTKGhkJ9JWUjH5WHCFz0pKuQnjhVh7SNE:FmwZGZJAY17UlEiuQlVJ

Score

1^/10

Suspicious use of WriteProcessMemory 3 IoCs

Processes:

rundll32.exe

description	pid	process	target process
PID 400 wrote to memory of 4840	400	rundll32.exe	rundll32.exe
PID 400 wrote to memory of 4840	400	rundll32.exe	rundll32.exe
PID 400 wrote to memory of 4840	400	rundll32.exe	rundll32.exe

C:\Windows\system32\rundll32.exe
rundll32.exe C:\Users\Admin\AppData\Local\Temp\815c40ce37b67b84ad68dff69b9d05a4856953d7d6c5c7c124ff3f714efeae04.dll,#1
1⤵
- Suspicious use of WriteProcessMemory
PID:400
- C:\Windows\SysWOW64\rundll32.exe
  rundll32.exe C:\Users\Admin\AppData\Local\Temp\815c40ce37b67b84ad68dff69b9d05a4856953d7d6c5c7c124ff3f714efeae04.dll,#1
  2⤵
  PID:4840

memory/4840-0-0x0000000000A10000-0x0000000000ABC000-memory.dmp

Filesize
688KB

Download
memory/4840-1-0x0000000000840000-0x0000000000841000-memory.dmp

Filesize
4KB

Download
memory/4840-2-0x0000000000A10000-0x0000000000ABC000-memory.dmp

Filesize
688KB

Download