1616778babe6da0c0ceef10cbc7814a584299aaa01106b18c26f4e1f4da1dd74

Analysis

max time kernel
121s
max time network
125s
platform
windows7_x64
resource
win7-20231020-en
resource tags

arch:x64arch:x86image:win7-20231020-enlocale:en-usos:windows7-x64system
submitted
11/12/2023, 10:21

Target

1616778babe6da0c0ceef10cbc7814a584299aaa01106b18c26f4e1f4da1dd74.dll
Size

19KB
MD5

734654f3c6b732fad89fcc17f3816df1
SHA1

9c01926ebb01b5532d695791d0a93fddb0d19d36
SHA256

1616778babe6da0c0ceef10cbc7814a584299aaa01106b18c26f4e1f4da1dd74
SHA512

bb903eadfd37adfb4c9c0c19c26382d9b6e37a8cca469695c5b7e859b91c8f211be5f40a2df3d24a8fe9644541e6afbb891bfc08e634242415d5d563f4c97d7a
SSDEEP

384:dOa90HiDE0tRWXJP05vOXpH2LZUNOBk4MV/jQpvzPq4bs:dOa90D0OBsIpH27u/j6vz7

Score

1^/10

Suspicious use of WriteProcessMemory 7 IoCs

description	pid	Process	procid_target
PID 2660 wrote to memory of 2664	2660	rundll32.exe	13
PID 2660 wrote to memory of 2664	2660	rundll32.exe	13
PID 2660 wrote to memory of 2664	2660	rundll32.exe	13
PID 2660 wrote to memory of 2664	2660	rundll32.exe	13
PID 2660 wrote to memory of 2664	2660	rundll32.exe	13
PID 2660 wrote to memory of 2664	2660	rundll32.exe	13
PID 2660 wrote to memory of 2664	2660	rundll32.exe	13

C:\Windows\SysWOW64\rundll32.exe
rundll32.exe C:\Users\Admin\AppData\Local\Temp\1616778babe6da0c0ceef10cbc7814a584299aaa01106b18c26f4e1f4da1dd74.dll,#1
1⤵
PID:2664

C:\Windows\system32\rundll32.exe
rundll32.exe C:\Users\Admin\AppData\Local\Temp\1616778babe6da0c0ceef10cbc7814a584299aaa01106b18c26f4e1f4da1dd74.dll,#1
1⤵
- Suspicious use of WriteProcessMemory
PID:2660

memory/2664-1-0x00000000001F0000-0x00000000001F2000-memory.dmp

Filesize
8KB

Download
memory/2664-0-0x0000000010000000-0x0000000010010000-memory.dmp

Filesize
64KB

Download