db4dd6b8f35b212567d5b20d5a2a9da652338a5144ccd278abd66b0232dc76ef

Analysis

max time kernel
30s
max time network
34s
platform
windows7_x64
resource
win7-20230705-en
resource tags

arch:x64arch:x86image:win7-20230705-enlocale:en-usos:windows7-x64system
submitted
12-07-2023 01:01

Target

db4dd6b8f35b212567d5b20d5a2a9da652338a5144ccd278abd66b0232dc76ef.dll
Size

60KB
MD5

c0f81da97c72d99c01ba0be8394e3809
SHA1

eb5a4fdcc869f91ce3dd182b7b69dc962e667708
SHA256

db4dd6b8f35b212567d5b20d5a2a9da652338a5144ccd278abd66b0232dc76ef
SHA512

b8e036a990a50afa9ed3dcd425a65a8cf6b11885dfe9dfcb0529745b3af9b070231449639bcbb10271ca63554d646b0c1fcffa0b149530e826e957a2a30d36da
SSDEEP

1536:l0xvHK24aGPKd01SF7HgqUsTCFgsepzy7xAboL+b6K:cHK2470F7AqPTiMmyboLc

Score

1^/10

Suspicious use of WriteProcessMemory 7 IoCs

description	pid	Process	procid_target
PID 816 wrote to memory of 3060	816	rundll32.exe	28
PID 816 wrote to memory of 3060	816	rundll32.exe	28
PID 816 wrote to memory of 3060	816	rundll32.exe	28
PID 816 wrote to memory of 3060	816	rundll32.exe	28
PID 816 wrote to memory of 3060	816	rundll32.exe	28
PID 816 wrote to memory of 3060	816	rundll32.exe	28
PID 816 wrote to memory of 3060	816	rundll32.exe	28

C:\Windows\system32\rundll32.exe
rundll32.exe C:\Users\Admin\AppData\Local\Temp\db4dd6b8f35b212567d5b20d5a2a9da652338a5144ccd278abd66b0232dc76ef.dll,#1
1⤵
- Suspicious use of WriteProcessMemory
PID:816
- C:\Windows\SysWOW64\rundll32.exe
  rundll32.exe C:\Users\Admin\AppData\Local\Temp\db4dd6b8f35b212567d5b20d5a2a9da652338a5144ccd278abd66b0232dc76ef.dll,#1
  2⤵
  PID:3060