6ec3c37180a493f8f0acdd004addb3bc106f11292617122c319d5ea6b7d3784c

Analysis

max time kernel
118s
max time network
123s
platform
windows7_x64
resource
win7-20230831-en
resource tags

arch:x64arch:x86image:win7-20230831-enlocale:en-usos:windows7-x64system
submitted
15/10/2023, 15:05

Target

b01b8194290fecdf7481b859ec38a3a0_dll32_JC.dll
Size

14KB
MD5

b01b8194290fecdf7481b859ec38a3a0
SHA1

0036780e105b0e2831b5f5536dcefff104627278
SHA256

6ec3c37180a493f8f0acdd004addb3bc106f11292617122c319d5ea6b7d3784c
SHA512

1d06797e3106d2f6c11d337e86656eb0f99857662a90d765d9967793978af89c35ce5bea21c28ba8e5730e201df1efeb31e4b357d9467962e2756c3f4fb13be5
SSDEEP

192:nOsSMaQDi4du+RfSgWJCJ9VprGyk5vi4m7VccEHoVt8L9d9CAT3X7jGR0It2:nOVak+RoCJHwf1mxccEHT9CCLjGWIt2

Score

1^/10

Suspicious use of WriteProcessMemory 7 IoCs

description	pid	Process	procid_target
PID 2224 wrote to memory of 3004	2224	rundll32.exe	28
PID 2224 wrote to memory of 3004	2224	rundll32.exe	28
PID 2224 wrote to memory of 3004	2224	rundll32.exe	28
PID 2224 wrote to memory of 3004	2224	rundll32.exe	28
PID 2224 wrote to memory of 3004	2224	rundll32.exe	28
PID 2224 wrote to memory of 3004	2224	rundll32.exe	28
PID 2224 wrote to memory of 3004	2224	rundll32.exe	28

C:\Windows\system32\rundll32.exe
rundll32.exe C:\Users\Admin\AppData\Local\Temp\b01b8194290fecdf7481b859ec38a3a0_dll32_JC.dll,#1
1⤵
- Suspicious use of WriteProcessMemory
PID:2224
- C:\Windows\SysWOW64\rundll32.exe
  rundll32.exe C:\Users\Admin\AppData\Local\Temp\b01b8194290fecdf7481b859ec38a3a0_dll32_JC.dll,#1
  2⤵
  PID:3004