aed93659d873e322496a06d9fd756e5885593ec60c221697bbf103f3f9488b1b

Analysis

max time kernel
121s
max time network
126s
platform
windows7_x64
resource
win7-20231215-en
resource tags

arch:x64arch:x86image:win7-20231215-enlocale:en-usos:windows7-x64system
submitted
20/12/2023, 00:26

Target

aed93659d873e322496a06d9fd756e5885593ec60c221697bbf103f3f9488b1b.dll
Size

53KB
MD5

c489a5e33847ce806f5c1b799744a77e
SHA1

c81be2f8ebbda2963dd89a8438ae35b0c74ce069
SHA256

aed93659d873e322496a06d9fd756e5885593ec60c221697bbf103f3f9488b1b
SHA512

d40926a2f2033a6c0a60a8d131a95aab422b4c5d746c82548e70bb3478d9a9d33c327cce9e9b1fbdd231bb4260cb026bd18b4baa780afd3fd4f3c062f266ba57
SSDEEP

768:ImozCUAmQjjGRBgbYQ/Zjj9WjI0eQwj0FZV:LaCOjZV

Score

1^/10

Suspicious use of WriteProcessMemory 7 IoCs

description	pid	Process	procid_target
PID 2168 wrote to memory of 2256	2168	rundll32.exe	28
PID 2168 wrote to memory of 2256	2168	rundll32.exe	28
PID 2168 wrote to memory of 2256	2168	rundll32.exe	28
PID 2168 wrote to memory of 2256	2168	rundll32.exe	28
PID 2168 wrote to memory of 2256	2168	rundll32.exe	28
PID 2168 wrote to memory of 2256	2168	rundll32.exe	28
PID 2168 wrote to memory of 2256	2168	rundll32.exe	28

C:\Windows\system32\rundll32.exe
rundll32.exe C:\Users\Admin\AppData\Local\Temp\aed93659d873e322496a06d9fd756e5885593ec60c221697bbf103f3f9488b1b.dll,#1
1⤵
- Suspicious use of WriteProcessMemory
PID:2168
- C:\Windows\SysWOW64\rundll32.exe
  rundll32.exe C:\Users\Admin\AppData\Local\Temp\aed93659d873e322496a06d9fd756e5885593ec60c221697bbf103f3f9488b1b.dll,#1
  2⤵
  PID:2256