259cc64f693cbf84fdb998004e4487ef13988e54f80fb56f040054b2e6545a4a

Analysis

max time kernel
30s
max time network
36s
platform
windows7_x64
resource
win7-20230703-en
resource tags

arch:x64arch:x86image:win7-20230703-enlocale:en-usos:windows7-x64system
submitted
03-07-2023 19:29

Target

259cc64f693cbf84fdb998004e4487ef13988e54f80fb56f040054b2e6545a4a.dll
Size

188KB
MD5

b10b1b45dc8649bf7c3f5e02aae80f43
SHA1

78df49148b443c4d26ac63544bab2db0910da3e7
SHA256

259cc64f693cbf84fdb998004e4487ef13988e54f80fb56f040054b2e6545a4a
SHA512

ff6b6b7704ae3bab88923422343c31c6a3bae24313e05e302d9a864d20df357f60081d9aa352e03a21c2f227d875050d0534db87ff09aef1f01382a4b4d849f4
SSDEEP

1536:kEKH810ge/VOFSQ1TreZedXpZqCsACHQWe3I5O1uwlRVnsKKYU0tgmpItrDTSYdw:kEKH810H/VHQ1T5WeYjwlRjK5Gvv

Score

1^/10

Suspicious use of WriteProcessMemory 7 IoCs

Processes:

rundll32.exe

description	pid	process	target process
PID 3044 wrote to memory of 2092	3044	rundll32.exe	rundll32.exe
PID 3044 wrote to memory of 2092	3044	rundll32.exe	rundll32.exe
PID 3044 wrote to memory of 2092	3044	rundll32.exe	rundll32.exe
PID 3044 wrote to memory of 2092	3044	rundll32.exe	rundll32.exe
PID 3044 wrote to memory of 2092	3044	rundll32.exe	rundll32.exe
PID 3044 wrote to memory of 2092	3044	rundll32.exe	rundll32.exe
PID 3044 wrote to memory of 2092	3044	rundll32.exe	rundll32.exe

C:\Windows\system32\rundll32.exe
rundll32.exe C:\Users\Admin\AppData\Local\Temp\259cc64f693cbf84fdb998004e4487ef13988e54f80fb56f040054b2e6545a4a.dll,#1
1⤵
- Suspicious use of WriteProcessMemory
PID:3044
- C:\Windows\SysWOW64\rundll32.exe
  rundll32.exe C:\Users\Admin\AppData\Local\Temp\259cc64f693cbf84fdb998004e4487ef13988e54f80fb56f040054b2e6545a4a.dll,#1
  2⤵
  PID:2092