68a11f19284705f89730b98ee8a37ee66468c597738c486e3a9abbc74d45ac54

Analysis

max time kernel
117s
max time network
121s
platform
windows7_x64
resource
win7-20231023-en
resource tags

arch:x64arch:x86image:win7-20231023-enlocale:en-usos:windows7-x64system
submitted
31/10/2023, 10:46

Target

68a11f19284705f89730b98ee8a37ee66468c597738c486e3a9abbc74d45ac54.dll
Size

2.2MB
MD5

05d70f19d65f7fdc7341ef099c934d0c
SHA1

4d9869d304ff8d5af9300dc31640a0d7c57f8c66
SHA256

68a11f19284705f89730b98ee8a37ee66468c597738c486e3a9abbc74d45ac54
SHA512

cedd7b557c0cc6522e70a8c4ec518d3bb2dc76a02c8c12bfec7906c2d515709663908aa076d7df2371ad694247847d6c8643fe74913fd25e62f6d2a174fbac85
SSDEEP

49152:TJd0OM5Xym/8RgJmYM97tQjFozL19wNa/Wgv:VCOM5wyJjjFKp9JWgv

Score

1^/10

Suspicious use of WriteProcessMemory 7 IoCs

description	pid	Process	procid_target
PID 2224 wrote to memory of 2252	2224	rundll32.exe	28
PID 2224 wrote to memory of 2252	2224	rundll32.exe	28
PID 2224 wrote to memory of 2252	2224	rundll32.exe	28
PID 2224 wrote to memory of 2252	2224	rundll32.exe	28
PID 2224 wrote to memory of 2252	2224	rundll32.exe	28
PID 2224 wrote to memory of 2252	2224	rundll32.exe	28
PID 2224 wrote to memory of 2252	2224	rundll32.exe	28

C:\Windows\system32\rundll32.exe
rundll32.exe C:\Users\Admin\AppData\Local\Temp\68a11f19284705f89730b98ee8a37ee66468c597738c486e3a9abbc74d45ac54.dll,#1
1⤵
- Suspicious use of WriteProcessMemory
PID:2224
- C:\Windows\SysWOW64\rundll32.exe
  rundll32.exe C:\Users\Admin\AppData\Local\Temp\68a11f19284705f89730b98ee8a37ee66468c597738c486e3a9abbc74d45ac54.dll,#1
  2⤵
  PID:2252