dec42de0a61043c254e7dafc9fdd682f1d198548d00b2775f069d24436d45e6a

Analysis

max time kernel
118s
max time network
121s
platform
windows7_x64
resource
win7-20231023-en
resource tags

arch:x64arch:x86image:win7-20231023-enlocale:en-usos:windows7-x64system
submitted
21/11/2023, 19:08

Target

dec42de0a61043c254e7dafc9fdd682f1d198548d00b2775f069d24436d45e6a.dll
Size

114KB
MD5

f1fd87a86e87111c95a06c2a0dd3c375
SHA1

751c8ae42ab41111925b2d0c4761f6b2fd701241
SHA256

dec42de0a61043c254e7dafc9fdd682f1d198548d00b2775f069d24436d45e6a
SHA512

5f2b193d49e185642f8d5f734aa1f1235853f983ef11adffa92eff4a32747e8c448422fcd095308021d957298419828ccad0ca56416f54f6631cc8ec04171bdb
SSDEEP

3072:IM0/QSk3tGYqQiUPXdaoFUSTB1aKprDBGyuDCS2RT:I7/PcRqQrXdNl1a/HUT

Score

1^/10

Suspicious use of WriteProcessMemory 7 IoCs

description	pid	Process	procid_target
PID 2216 wrote to memory of 2244	2216	rundll32.exe	28
PID 2216 wrote to memory of 2244	2216	rundll32.exe	28
PID 2216 wrote to memory of 2244	2216	rundll32.exe	28
PID 2216 wrote to memory of 2244	2216	rundll32.exe	28
PID 2216 wrote to memory of 2244	2216	rundll32.exe	28
PID 2216 wrote to memory of 2244	2216	rundll32.exe	28
PID 2216 wrote to memory of 2244	2216	rundll32.exe	28

C:\Windows\system32\rundll32.exe
rundll32.exe C:\Users\Admin\AppData\Local\Temp\dec42de0a61043c254e7dafc9fdd682f1d198548d00b2775f069d24436d45e6a.dll,#1
1⤵
- Suspicious use of WriteProcessMemory
PID:2216
- C:\Windows\SysWOW64\rundll32.exe
  rundll32.exe C:\Users\Admin\AppData\Local\Temp\dec42de0a61043c254e7dafc9fdd682f1d198548d00b2775f069d24436d45e6a.dll,#1
  2⤵
  PID:2244