b2f339bc128a3044a6bf5143784b80590ab7364c9deba41b34ae547a5b98fe75

Analysis

max time kernel
122s
max time network
125s
platform
windows7_x64
resource
win7-20230712-en
resource tags

arch:x64arch:x86image:win7-20230712-enlocale:en-usos:windows7-x64system
submitted
25-08-2023 05:40

Target

b2f339bc128a3044a6bf5143784b80590ab7364c9deba41b34ae547a5b98fe75.dll
Size

96KB
MD5

11db5a1d15942c7995a8940d190e5979
SHA1

3cc0e969a86bd2b86cdb4f69e4c5b020eb49ec02
SHA256

b2f339bc128a3044a6bf5143784b80590ab7364c9deba41b34ae547a5b98fe75
SHA512

206f84d254e90958188210b67c694913b134f4c0867cae6b02dd4892416b49f1b37936b491203fbeb85edcb6b42fd75b83a7212634dd9d82e5b26f92208b0fa3
SSDEEP

1536:i2yNWTyVrtUps8aHN+CfdyXODKGEmQu+hVQDfOJbomjcm7PRc:i27+VxUuLxfdyXfmts5bncWpc

Score

1^/10

Suspicious use of WriteProcessMemory 7 IoCs

description	pid	Process	procid_target
PID 1260 wrote to memory of 1184	1260	rundll32.exe	28
PID 1260 wrote to memory of 1184	1260	rundll32.exe	28
PID 1260 wrote to memory of 1184	1260	rundll32.exe	28
PID 1260 wrote to memory of 1184	1260	rundll32.exe	28
PID 1260 wrote to memory of 1184	1260	rundll32.exe	28
PID 1260 wrote to memory of 1184	1260	rundll32.exe	28
PID 1260 wrote to memory of 1184	1260	rundll32.exe	28

C:\Windows\system32\rundll32.exe
rundll32.exe C:\Users\Admin\AppData\Local\Temp\b2f339bc128a3044a6bf5143784b80590ab7364c9deba41b34ae547a5b98fe75.dll,#1
1⤵
- Suspicious use of WriteProcessMemory
PID:1260
- C:\Windows\SysWOW64\rundll32.exe
  rundll32.exe C:\Users\Admin\AppData\Local\Temp\b2f339bc128a3044a6bf5143784b80590ab7364c9deba41b34ae547a5b98fe75.dll,#1
  2⤵
  PID:1184