c13fc2b1bc03401ee54b8af6b599e001f5bccd0ae7e806b7c2fc4764f5e8f5de

Analysis

max time kernel
28s
max time network
30s
platform
windows7_x64
resource
win7-20230621-en
resource tags

arch:x64arch:x86image:win7-20230621-enlocale:en-usos:windows7-x64system
submitted
28/06/2023, 18:30

Target

c13fc2b1bc03401ee54b8af6b599e001f5bccd0ae7e806b7c2fc4764f5e8f5de.dll
Size

106KB
MD5

f3c52283aef555393238829e28e86830
SHA1

5577681b2468af105b141142916657028116b7db
SHA256

c13fc2b1bc03401ee54b8af6b599e001f5bccd0ae7e806b7c2fc4764f5e8f5de
SHA512

541feb3d75fa506e015bd456c3553d8d3f0b50d7aaa26cf6ad5d862cfe813dfc2f0bd23cd78bcedb9569652a269005d2945478ddc604163041bb9e83afff6558
SSDEEP

1536:XYtNNCclxaWfem/KmO7b0Flr9sgb15wk41KlqcTtJonUe8FzkjWSnlIscCGIZTBc:6CjWfemGb0FZm4moBtJonUMlIiBZT

Score

1^/10

Suspicious use of WriteProcessMemory 7 IoCs

description	pid	Process	procid_target
PID 1716 wrote to memory of 904	1716	rundll32.exe	27
PID 1716 wrote to memory of 904	1716	rundll32.exe	27
PID 1716 wrote to memory of 904	1716	rundll32.exe	27
PID 1716 wrote to memory of 904	1716	rundll32.exe	27
PID 1716 wrote to memory of 904	1716	rundll32.exe	27
PID 1716 wrote to memory of 904	1716	rundll32.exe	27
PID 1716 wrote to memory of 904	1716	rundll32.exe	27

C:\Windows\system32\rundll32.exe
rundll32.exe C:\Users\Admin\AppData\Local\Temp\c13fc2b1bc03401ee54b8af6b599e001f5bccd0ae7e806b7c2fc4764f5e8f5de.dll,#1
1⤵
- Suspicious use of WriteProcessMemory
PID:1716
- C:\Windows\SysWOW64\rundll32.exe
  rundll32.exe C:\Users\Admin\AppData\Local\Temp\c13fc2b1bc03401ee54b8af6b599e001f5bccd0ae7e806b7c2fc4764f5e8f5de.dll,#1
  2⤵
  PID:904

memory/904-54-0x0000000000210000-0x000000000027B000-memory.dmp

Filesize
428KB

Download