d8808ec9ed6a59fd3fae68f795d53e36ad604f94c1e459160fa0ac62e9305f2c

Analysis

max time kernel
122s
max time network
126s
platform
windows7_x64
resource
win7-20230712-en
resource tags

arch:x64arch:x86image:win7-20230712-enlocale:en-usos:windows7-x64system
submitted
13/07/2023, 19:18

Target

0b5756e0ea5d57exe_JC.dll
Size

205KB
MD5

0b5756e0ea5d5728455dee847371b574
SHA1

af7d1ee4512d339ca0d4dd9a3e52387336d24870
SHA256

d8808ec9ed6a59fd3fae68f795d53e36ad604f94c1e459160fa0ac62e9305f2c
SHA512

9a0396b11cf8ebcaddedc0dfb2efa25762fee938f90b1d570991619524f69f9e3c386b76708aaf8833f3d44b3df6cc3d1383a241a2459a6ed5a99efc26e1c9a3
SSDEEP

3072:IBaK6WeIBEkOM4tDo8C0Y/9fdlq1TQ3VxLylm6jixvjEUhJ5Q:IBaGBEzMiDo8CFVHq1TQ3CjixjJ

Score

1^/10

Suspicious use of WriteProcessMemory 7 IoCs

description	pid	Process	procid_target
PID 2116 wrote to memory of 2688	2116	rundll32.exe	28
PID 2116 wrote to memory of 2688	2116	rundll32.exe	28
PID 2116 wrote to memory of 2688	2116	rundll32.exe	28
PID 2116 wrote to memory of 2688	2116	rundll32.exe	28
PID 2116 wrote to memory of 2688	2116	rundll32.exe	28
PID 2116 wrote to memory of 2688	2116	rundll32.exe	28
PID 2116 wrote to memory of 2688	2116	rundll32.exe	28

C:\Windows\system32\rundll32.exe
rundll32.exe C:\Users\Admin\AppData\Local\Temp\0b5756e0ea5d57exe_JC.dll,#1
1⤵
- Suspicious use of WriteProcessMemory
PID:2116
- C:\Windows\SysWOW64\rundll32.exe
  rundll32.exe C:\Users\Admin\AppData\Local\Temp\0b5756e0ea5d57exe_JC.dll,#1
  2⤵
  PID:2688