f41361260452ca88234175b4ab0aaa458178fb5c22a4798b4c68cafd3602e11d

Analysis

max time kernel
119s
max time network
134s
platform
windows7_x64
resource
win7-20231020-en
resource tags

arch:x64arch:x86image:win7-20231020-enlocale:en-usos:windows7-x64system
submitted
07/11/2023, 14:34

Target

smartsoft_4.1.7/supportfiles/customResource0009.dll
Size

2.0MB
MD5

7c72d53d3bf993653f562143d2f4765e
SHA1

36739563d986c659381b027e66ca3e4b4479fab4
SHA256

41cfefacfaadba868b7ee46efbceb4f08f2271fcb375846dba3585f3535038fb
SHA512

4a671e431d8ef92dfea548c40a799739b111ca59634032aa9f4bcb8c15df7b9e5026c78520e6803802b936bec1376abf44c51797396bb69d81ba89650eccdbd0
SSDEEP

3072:hIXatRRGSPVA8Oxp0he0npsMv1gcORJUB+0nJUVn:hI6q8Oxp0he0nyMKcORJUB+0ny

Score

1^/10

Suspicious use of WriteProcessMemory 7 IoCs

description	pid	Process	procid_target
PID 2000 wrote to memory of 2200	2000	rundll32.exe	28
PID 2000 wrote to memory of 2200	2000	rundll32.exe	28
PID 2000 wrote to memory of 2200	2000	rundll32.exe	28
PID 2000 wrote to memory of 2200	2000	rundll32.exe	28
PID 2000 wrote to memory of 2200	2000	rundll32.exe	28
PID 2000 wrote to memory of 2200	2000	rundll32.exe	28
PID 2000 wrote to memory of 2200	2000	rundll32.exe	28

C:\Windows\system32\rundll32.exe
rundll32.exe C:\Users\Admin\AppData\Local\Temp\smartsoft_4.1.7\supportfiles\customResource0009.dll,#1
1⤵
- Suspicious use of WriteProcessMemory
PID:2000
- C:\Windows\SysWOW64\rundll32.exe
  rundll32.exe C:\Users\Admin\AppData\Local\Temp\smartsoft_4.1.7\supportfiles\customResource0009.dll,#1
  2⤵
  PID:2200