51d47f73804602991768990f489af45dd182ccea0bc0a623f363719a888cb307

Analysis

max time kernel
31s
max time network
35s
platform
windows7_x64
resource
win7-20230703-en
resource tags

arch:x64arch:x86image:win7-20230703-enlocale:en-usos:windows7-x64system
submitted
07-07-2023 18:33

Target

51d47f73804602991768990f4.dll
Size

228KB
MD5

6157204e5fc5c51bbd722727cdffbcac
SHA1

330459e54613917044fee125737d8ebdc6bc25d7
SHA256

51d47f73804602991768990f489af45dd182ccea0bc0a623f363719a888cb307
SHA512

68f585d1233d7e81082b86301c99f1b3e980d4a61ecde148bc581e2e7f1718966ce33ae8d89e1fe06e17c0a71f3143587fc47dc21c57724cd777a4c32fe79752
SSDEEP

3072:87fa/C0ofaSLSXZmCpgs8kRDFXa/BovD3hEK4fhIvSIMalW8tcngztCan:87MC0OSXICpd8klFXaJorRJ4r1pngzs

Score

1^/10

Suspicious use of WriteProcessMemory 7 IoCs

Processes:

rundll32.exe

description	pid	process	target process
PID 2360 wrote to memory of 2064	2360	rundll32.exe	rundll32.exe
PID 2360 wrote to memory of 2064	2360	rundll32.exe	rundll32.exe
PID 2360 wrote to memory of 2064	2360	rundll32.exe	rundll32.exe
PID 2360 wrote to memory of 2064	2360	rundll32.exe	rundll32.exe
PID 2360 wrote to memory of 2064	2360	rundll32.exe	rundll32.exe
PID 2360 wrote to memory of 2064	2360	rundll32.exe	rundll32.exe
PID 2360 wrote to memory of 2064	2360	rundll32.exe	rundll32.exe

C:\Windows\system32\rundll32.exe
rundll32.exe C:\Users\Admin\AppData\Local\Temp\51d47f73804602991768990f4.dll,#1
1⤵
- Suspicious use of WriteProcessMemory
PID:2360
- C:\Windows\SysWOW64\rundll32.exe
  rundll32.exe C:\Users\Admin\AppData\Local\Temp\51d47f73804602991768990f4.dll,#1
  2⤵
  PID:2064