bee3137a230b4b2d9c4f58d11c5049d21b5428f72bb1560f9dc9d8f6d6e2ba88

Analysis

max time kernel
118s
max time network
121s
platform
windows7_x64
resource
win7-20231023-en
resource tags

arch:x64arch:x86image:win7-20231023-enlocale:en-usos:windows7-x64system
submitted
28-11-2023 07:00

Target

bee3137a230b4b2d9c4f58d11c5049d21b5428f72bb1560f9dc9d8f6d6e2ba88.dll
Size

2.1MB
MD5

defd227f299d04dec58d6a01ea89d836
SHA1

50b71f246a3f953083e0af3205b63ad02c79d571
SHA256

bee3137a230b4b2d9c4f58d11c5049d21b5428f72bb1560f9dc9d8f6d6e2ba88
SHA512

6c6434e68badaaee85f96a6aad25291f831c37461ee99f6e3045cbeffcaf8619b3be6a5afc5a5da8618a55709a811cb29c2afa1cadfe2d27e69b459169c4cf87
SSDEEP

49152:WRKl+oOyXY1kuEGlMHhRqUUxgTyUESVdlf6zqDtrP:nwcI1kuEGlSc0Phl

Score

1^/10

Suspicious use of WriteProcessMemory 7 IoCs

description	pid	Process	procid_target
PID 2028 wrote to memory of 2296	2028	rundll32.exe	28
PID 2028 wrote to memory of 2296	2028	rundll32.exe	28
PID 2028 wrote to memory of 2296	2028	rundll32.exe	28
PID 2028 wrote to memory of 2296	2028	rundll32.exe	28
PID 2028 wrote to memory of 2296	2028	rundll32.exe	28
PID 2028 wrote to memory of 2296	2028	rundll32.exe	28
PID 2028 wrote to memory of 2296	2028	rundll32.exe	28

C:\Windows\system32\rundll32.exe
rundll32.exe C:\Users\Admin\AppData\Local\Temp\bee3137a230b4b2d9c4f58d11c5049d21b5428f72bb1560f9dc9d8f6d6e2ba88.dll,#1
1⤵
- Suspicious use of WriteProcessMemory
PID:2028
- C:\Windows\SysWOW64\rundll32.exe
  rundll32.exe C:\Users\Admin\AppData\Local\Temp\bee3137a230b4b2d9c4f58d11c5049d21b5428f72bb1560f9dc9d8f6d6e2ba88.dll,#1
  2⤵
  PID:2296