9f1eb0a100615cdda44a13f434627f8978d133ca4ef4a002809f95dcc8d24ff6

Analysis

max time kernel
31s
max time network
34s
platform
windows7_x64
resource
win7-20230220-en
resource tags

arch:x64arch:x86image:win7-20230220-enlocale:en-usos:windows7-x64system
submitted
16/06/2023, 20:58

Target

version.dll
Size

80KB
MD5

b8e605ae7535341bbcdee7a09639854f
SHA1

871e10df7f4beec98c868833c0bc1d4b535b7d7c
SHA256

8ae66c5a87a0bfc63cbf2f5b810619ef61051153c5e3b7e2ac0b757245a59611
SHA512

eb105cdea155e3c4ff473d6f9ed9c5272978342408762f07dfd933e45ef9bbc486e0d37090029aeab10dede2a7e206a53bc2f33b5e1c0cdf4215713d3344f4d8
SSDEEP

1536:fLuNl6d6QDCpShfA3jBi5mb2xGXgNRWsWmPcdZO1FCLUmJcBkGV8PSxVIrigT39i:fLLdNDCpZ3j3O7QZOsjJcBkGV8PSxVIa

Score

1^/10

Suspicious use of WriteProcessMemory 7 IoCs

description	pid	Process	procid_target
PID 932 wrote to memory of 1992	932	rundll32.exe	28
PID 932 wrote to memory of 1992	932	rundll32.exe	28
PID 932 wrote to memory of 1992	932	rundll32.exe	28
PID 932 wrote to memory of 1992	932	rundll32.exe	28
PID 932 wrote to memory of 1992	932	rundll32.exe	28
PID 932 wrote to memory of 1992	932	rundll32.exe	28
PID 932 wrote to memory of 1992	932	rundll32.exe	28

C:\Windows\system32\rundll32.exe
rundll32.exe C:\Users\Admin\AppData\Local\Temp\version.dll,#1
1⤵
- Suspicious use of WriteProcessMemory
PID:932
- C:\Windows\SysWOW64\rundll32.exe
  rundll32.exe C:\Users\Admin\AppData\Local\Temp\version.dll,#1
  2⤵
  PID:1992