1ad7466d6703ad3d5d5bf98372546ffe55dcb60705da20c7e1dad8330e54ece3

Analysis

max time kernel
122s
max time network
128s
platform
windows7_x64
resource
win7-20230712-en
resource tags

arch:x64arch:x86image:win7-20230712-enlocale:en-usos:windows7-x64system
submitted
04-08-2023 15:30

Target

Medusa.uno (1).dll
Size

1.9MB
MD5

d45915a10746f2833b6e87077cec2bf0
SHA1

86c1c9ee7d458680053967e882caa8e17a98ccf8
SHA256

1ad7466d6703ad3d5d5bf98372546ffe55dcb60705da20c7e1dad8330e54ece3
SHA512

2dd36d345df5df6a395084b1110af9191f49ac3660f0eeedbfbdcf57ef983b30b91cca00fc3ac106b64b0cb982ca3e920071cbde753814406dc6bb49aff36138
SSDEEP

24576:WfpIo7AOFE4cjTKfy+SmNdNo4ql98/oLeEFmsYpZTmVBFRck052ZjVE/dH+wITP0:wAJHKq8dk4mVB7ZxE/IwITPS3

Score

1^/10

Suspicious use of WriteProcessMemory 7 IoCs

description	pid	Process	procid_target
PID 2596 wrote to memory of 2592	2596	rundll32.exe	28
PID 2596 wrote to memory of 2592	2596	rundll32.exe	28
PID 2596 wrote to memory of 2592	2596	rundll32.exe	28
PID 2596 wrote to memory of 2592	2596	rundll32.exe	28
PID 2596 wrote to memory of 2592	2596	rundll32.exe	28
PID 2596 wrote to memory of 2592	2596	rundll32.exe	28
PID 2596 wrote to memory of 2592	2596	rundll32.exe	28

C:\Windows\system32\rundll32.exe
rundll32.exe "C:\Users\Admin\AppData\Local\Temp\Medusa.uno (1).dll",#1
1⤵
- Suspicious use of WriteProcessMemory
PID:2596
- C:\Windows\SysWOW64\rundll32.exe
  rundll32.exe "C:\Users\Admin\AppData\Local\Temp\Medusa.uno (1).dll",#1
  2⤵
  PID:2592

memory/2592-54-0x00000000001A0000-0x00000000001A1000-memory.dmp

Filesize
4KB

Download