99c93bcafdc3659c5aeb6dba478bcf975d3df40d8f458d70e020a74d072f041b

Analysis

max time kernel
119s
max time network
122s
platform
windows7_x64
resource
win7-20230831-en
resource tags

arch:x64arch:x86image:win7-20230831-enlocale:en-usos:windows7-x64system
submitted
30/09/2023, 14:26

Target

99c93bcafdc3659c5aeb6dba478bcf975d3df40d8f458d70e020a74d072f041b.dll
Size

2.0MB
MD5

1309ffee3341a297776b061316313d2a
SHA1

59e6e2447c0d583365d4866d13f0e59bebc85d2c
SHA256

99c93bcafdc3659c5aeb6dba478bcf975d3df40d8f458d70e020a74d072f041b
SHA512

44004d115160e1ac38da14e7e631f9c5c78a2be329db453ec1aa0dca70acdb2484519979cb5669d39233d4d21718ae6fc5da70f850dd3416de45a1f746868bf9
SSDEEP

49152:4FIbdyf/vgyuEC3GhYqlVi9/6pNMEhJL1Hvr9:QIbg/MmhYqlVi9/6pv9

Score

1^/10

Suspicious use of WriteProcessMemory 7 IoCs

description	pid	Process	procid_target
PID 1864 wrote to memory of 2308	1864	rundll32.exe	28
PID 1864 wrote to memory of 2308	1864	rundll32.exe	28
PID 1864 wrote to memory of 2308	1864	rundll32.exe	28
PID 1864 wrote to memory of 2308	1864	rundll32.exe	28
PID 1864 wrote to memory of 2308	1864	rundll32.exe	28
PID 1864 wrote to memory of 2308	1864	rundll32.exe	28
PID 1864 wrote to memory of 2308	1864	rundll32.exe	28

C:\Windows\system32\rundll32.exe
rundll32.exe C:\Users\Admin\AppData\Local\Temp\99c93bcafdc3659c5aeb6dba478bcf975d3df40d8f458d70e020a74d072f041b.dll,#1
1⤵
- Suspicious use of WriteProcessMemory
PID:1864
- C:\Windows\SysWOW64\rundll32.exe
  rundll32.exe C:\Users\Admin\AppData\Local\Temp\99c93bcafdc3659c5aeb6dba478bcf975d3df40d8f458d70e020a74d072f041b.dll,#1
  2⤵
  PID:2308