4cf5b584cf79ac523f645807a65bc153fbeaa564c0e1acb4dac9004fc9d038da

Analysis

max time kernel
117s
max time network
133s
platform
windows7_x64
resource
win7-20230831-en
resource tags

arch:x64arch:x86image:win7-20230831-enlocale:en-usos:windows7-x64system
submitted
11-10-2023 05:10

Target

e913b0d252d36f7c9b71268df4f634fb.dll
Size

89KB
MD5

e913b0d252d36f7c9b71268df4f634fb
SHA1

5ac70d8793712bcd8ede477071146bbb42d3f018
SHA256

4cf5b584cf79ac523f645807a65bc153fbeaa564c0e1acb4dac9004fc9d038da
SHA512

3ea08f0897c1b7b5859961351eef59840bbf319a6ad7ebe1c9e1b5e2ce25588d7b1a37fd6c5417653521fc73f1f42eb043d0ee6fcd645aa92b8f305d726273b4
SSDEEP

1536:Ro4NPCKLbqoYkbpplW9YoUsxXzbcouNhj2ZszsWuKcdJU19aB89p:RoUCWbBNpplToUs1uNhj25LJU/aB89p

Score

1^/10

Suspicious use of WriteProcessMemory 7 IoCs

description	pid	Process	procid_target
PID 2228 wrote to memory of 1164	2228	rundll32.exe	28
PID 2228 wrote to memory of 1164	2228	rundll32.exe	28
PID 2228 wrote to memory of 1164	2228	rundll32.exe	28
PID 2228 wrote to memory of 1164	2228	rundll32.exe	28
PID 2228 wrote to memory of 1164	2228	rundll32.exe	28
PID 2228 wrote to memory of 1164	2228	rundll32.exe	28
PID 2228 wrote to memory of 1164	2228	rundll32.exe	28

C:\Windows\system32\rundll32.exe
rundll32.exe C:\Users\Admin\AppData\Local\Temp\e913b0d252d36f7c9b71268df4f634fb.dll,#1
1⤵
- Suspicious use of WriteProcessMemory
PID:2228
- C:\Windows\SysWOW64\rundll32.exe
  rundll32.exe C:\Users\Admin\AppData\Local\Temp\e913b0d252d36f7c9b71268df4f634fb.dll,#1
  2⤵
  PID:1164