fec05df7d6930d3686a583a68a1b5974d512648edd6c7a5e40e1b153c28894e6

Analysis

max time kernel
32s
max time network
34s
platform
windows7_x64
resource
win7-20230220-en
resource tags

arch:x64arch:x86image:win7-20230220-enlocale:en-usos:windows7-x64system
submitted
08-06-2023 19:21

Target

fec05df7d6930d3686a583a68a1b5974d512648edd6c7a5e40e1b153c28894e6.dll
Size

270KB
MD5

ab97976283575b97b8f7dd42ae06b1a6
SHA1

57b18cfc80dec71a2429c800cdc79d7a767b3edb
SHA256

fec05df7d6930d3686a583a68a1b5974d512648edd6c7a5e40e1b153c28894e6
SHA512

83b32528ace4c001b71263ab2fcc6401e8eb3deb27f7930bd38b3655c908021a836c2092e23c3e2698312b68b5fd5378017000b5467a4ad1d386e91651ae70fb
SSDEEP

3072:t2BcpmO4BZbXs8vwEKj1SScXtbZu4fFQMjbwsttME5GvMkjVdRiydO4ypJ5:mcMO4ry1S5u4NTbvRskkjtiR4y1

Score

1^/10

Suspicious use of WriteProcessMemory 7 IoCs

Processes:

rundll32.exe

description	pid	process	target process
PID 864 wrote to memory of 1680	864	rundll32.exe	rundll32.exe
PID 864 wrote to memory of 1680	864	rundll32.exe	rundll32.exe
PID 864 wrote to memory of 1680	864	rundll32.exe	rundll32.exe
PID 864 wrote to memory of 1680	864	rundll32.exe	rundll32.exe
PID 864 wrote to memory of 1680	864	rundll32.exe	rundll32.exe
PID 864 wrote to memory of 1680	864	rundll32.exe	rundll32.exe
PID 864 wrote to memory of 1680	864	rundll32.exe	rundll32.exe

C:\Windows\system32\rundll32.exe
rundll32.exe C:\Users\Admin\AppData\Local\Temp\fec05df7d6930d3686a583a68a1b5974d512648edd6c7a5e40e1b153c28894e6.dll,#1
1⤵
- Suspicious use of WriteProcessMemory
PID:864

C:\Windows\SysWOW64\rundll32.exe
rundll32.exe C:\Users\Admin\AppData\Local\Temp\fec05df7d6930d3686a583a68a1b5974d512648edd6c7a5e40e1b153c28894e6.dll,#1
2⤵
PID:1680