28ee64cfcb278c6d58d63a660aa8d5b516a4172ee7d4b05f9dc1247498f804f0

Analysis

max time kernel
122s
max time network
125s
platform
windows7_x64
resource
win7-20230831-en
resource tags

arch:x64arch:x86image:win7-20230831-enlocale:en-usos:windows7-x64system
submitted
22/09/2023, 04:21

Target

28ee64cfcb278c6d58d63a660aa8d5b516a4172ee7d4b05f9dc1247498f804f0.dll
Size

2.1MB
MD5

219878ed7ec6a37d9188f7ad205fbe6e
SHA1

9a1051ae385bca8ba80a76addedf62bb091f673b
SHA256

28ee64cfcb278c6d58d63a660aa8d5b516a4172ee7d4b05f9dc1247498f804f0
SHA512

de321dcb7ce0f0867e508b2c9af2d10563e46fc13c5049111118240254e42cdb66538a42051cee24c4b8cb2055a96e7f4a5e755c83cbd4e22ef7199acd14d7c3
SSDEEP

49152:vcz84B8m/oJoQAXJmVmEfZOkNPSTqctjRTDpJMMd:k7qm/oMcrPSTqsL5d

Score

1^/10

Suspicious use of WriteProcessMemory 7 IoCs

description	pid	Process	procid_target
PID 2240 wrote to memory of 2888	2240	rundll32.exe	28
PID 2240 wrote to memory of 2888	2240	rundll32.exe	28
PID 2240 wrote to memory of 2888	2240	rundll32.exe	28
PID 2240 wrote to memory of 2888	2240	rundll32.exe	28
PID 2240 wrote to memory of 2888	2240	rundll32.exe	28
PID 2240 wrote to memory of 2888	2240	rundll32.exe	28
PID 2240 wrote to memory of 2888	2240	rundll32.exe	28

C:\Windows\system32\rundll32.exe
rundll32.exe C:\Users\Admin\AppData\Local\Temp\28ee64cfcb278c6d58d63a660aa8d5b516a4172ee7d4b05f9dc1247498f804f0.dll,#1
1⤵
- Suspicious use of WriteProcessMemory
PID:2240
- C:\Windows\SysWOW64\rundll32.exe
  rundll32.exe C:\Users\Admin\AppData\Local\Temp\28ee64cfcb278c6d58d63a660aa8d5b516a4172ee7d4b05f9dc1247498f804f0.dll,#1
  2⤵
  PID:2888