75d975cd5eef09d76abb4eae6a09f4e6f4c8a4d70e92d1c7bf6c736f056091f8

Analysis

max time kernel
119s
max time network
122s
platform
windows7_x64
resource
win7-20231020-en
resource tags

arch:x64arch:x86image:win7-20231020-enlocale:en-usos:windows7-x64system
submitted
23-10-2023 15:25

Target

sample.dll
Size

204KB
MD5

72756e6ebb8274d9352d8d1e7e505906
SHA1

784b4abe5b84b0f3d27603e99c600e8c757e3497
SHA256

80f31bf4e0b4ba1d3c963cf37dd7cefb5517b6454f7809fe3a1703e8b5941b41
SHA512

c01ce4515acfac95b3d8c350b8632ce14e14edfc956cc3c615c9b773ec7a1f7c2a08a4fa13d7d8c1eba1e01e6de57fc6b23f3bd9ea23ef96970f84864855c8e4
SSDEEP

3072:efvhgLYaHRv6GfdQOxqrNPAkRxhzpwGvx0VS/tIcp287/X6sIFzxXVWJX97/Cbp:Tk+URPPRjdwpGIabirBxXVqbQp

Score

1^/10

Suspicious use of WriteProcessMemory 7 IoCs

description	pid	Process	procid_target
PID 2220 wrote to memory of 1692	2220	rundll32.exe	28
PID 2220 wrote to memory of 1692	2220	rundll32.exe	28
PID 2220 wrote to memory of 1692	2220	rundll32.exe	28
PID 2220 wrote to memory of 1692	2220	rundll32.exe	28
PID 2220 wrote to memory of 1692	2220	rundll32.exe	28
PID 2220 wrote to memory of 1692	2220	rundll32.exe	28
PID 2220 wrote to memory of 1692	2220	rundll32.exe	28

C:\Windows\system32\rundll32.exe
rundll32.exe C:\Users\Admin\AppData\Local\Temp\sample.dll,#1
1⤵
- Suspicious use of WriteProcessMemory
PID:2220
- C:\Windows\SysWOW64\rundll32.exe
  rundll32.exe C:\Users\Admin\AppData\Local\Temp\sample.dll,#1
  2⤵
  PID:1692

memory/1692-0-0x0000000010000000-0x0000000010027000-memory.dmp

Filesize
156KB

Download