295fed0d36a76d8473a2b5ad22548b3264f0f72ed410105b05bdaae1cde0de5d

Analysis

max time kernel
122s
max time network
128s
platform
windows7_x64
resource
win7-20231023-en
resource tags

arch:x64arch:x86image:win7-20231023-enlocale:en-usos:windows7-x64system
submitted
26-10-2023 06:02

Target

295fed0d36a76d8473a2b5ad22548b3264f0f72ed410105b05bdaae1cde0de5d.dll
Size

271KB
MD5

fa7d98ef21b82974207437ba36d1125a
SHA1

d14b875d28762852460c6bc941d4f0f0209bdb30
SHA256

295fed0d36a76d8473a2b5ad22548b3264f0f72ed410105b05bdaae1cde0de5d
SHA512

e55e25c05755b60722982fcfbdd5952e753839e0701f763f353225d1bdbe044eede5522ed72c9114d0e37996d9f9437fc7449e7cdf53f72763058a0d49054201
SSDEEP

6144:MEzp4qIDRd6EqFmcCBk9LHZEPSZ/Of626BioBRXFsjf3FOUXzsezZOi:1zp4qIDqRi8ZEatP26BzzU

Score

5^/10

Suspicious use of SetThreadContext 1 IoCs

Processes:

rundll32.exe

description pid process target process

PID 3024 set thread context of 1196 3024 rundll32.exe notepad.exe

description	pid	process	target process
PID 3024 set thread context of 1196	3024	rundll32.exe	notepad.exe

Suspicious use of WriteProcessMemory 4 IoCs

Processes:

rundll32.exe

description	pid	process	target process
PID 3024 wrote to memory of 1196	3024	rundll32.exe	notepad.exe
PID 3024 wrote to memory of 1196	3024	rundll32.exe	notepad.exe
PID 3024 wrote to memory of 1196	3024	rundll32.exe	notepad.exe
PID 3024 wrote to memory of 1196	3024	rundll32.exe	notepad.exe

memory/1196-0-0x0000000000060000-0x00000000000A1000-memory.dmp

Filesize
260KB

Download
memory/1196-2-0x0000000000060000-0x00000000000A1000-memory.dmp

Filesize
260KB

Download