ce747fae7e409e3eb45b82fae08f7fd60743b0f0f8276a8c23b53652fa779569

Analysis

max time kernel
118s
max time network
123s
platform
windows7_x64
resource
win7-20231215-en
resource tags

arch:x64arch:x86image:win7-20231215-enlocale:en-usos:windows7-x64system
submitted
22-12-2023 04:12

Target

6149314f12094e79034708e8a5b8da0b.dll
Size

101KB
MD5

6149314f12094e79034708e8a5b8da0b
SHA1

3c9dfbfc0867aaec94835a120204d67fe8e8a5f9
SHA256

ce747fae7e409e3eb45b82fae08f7fd60743b0f0f8276a8c23b53652fa779569
SHA512

2fc5700a13c8cddf5c746c2a4fa4f4431fa5971ff653bba61a74ae125039fa852b80bee13559f429dc5196f0e1fcefd169a807c59c88b88629a70bf60994fb3f
SSDEEP

1536:cpvcUXawxiq2XRoZhwyrODBK1eNumLlmQuIeXcc3ItxUvAoeIF:4vcUq6WmoyrODEob3uhcgItSAoeIF

Score

1^/10

Suspicious use of WriteProcessMemory 7 IoCs

description	pid	Process	procid_target
PID 1916 wrote to memory of 1032	1916	rundll32.exe	28
PID 1916 wrote to memory of 1032	1916	rundll32.exe	28
PID 1916 wrote to memory of 1032	1916	rundll32.exe	28
PID 1916 wrote to memory of 1032	1916	rundll32.exe	28
PID 1916 wrote to memory of 1032	1916	rundll32.exe	28
PID 1916 wrote to memory of 1032	1916	rundll32.exe	28
PID 1916 wrote to memory of 1032	1916	rundll32.exe	28

C:\Windows\system32\rundll32.exe
rundll32.exe C:\Users\Admin\AppData\Local\Temp\6149314f12094e79034708e8a5b8da0b.dll,#1
1⤵
- Suspicious use of WriteProcessMemory
PID:1916
- C:\Windows\SysWOW64\rundll32.exe
  rundll32.exe C:\Users\Admin\AppData\Local\Temp\6149314f12094e79034708e8a5b8da0b.dll,#1
  2⤵
  PID:1032

memory/1032-0-0x0000000074B50000-0x00000000750FB000-memory.dmp

Filesize
5.7MB

Download
memory/1032-1-0x0000000074B50000-0x00000000750FB000-memory.dmp

Filesize
5.7MB

Download
memory/1032-2-0x0000000000980000-0x00000000009C0000-memory.dmp

Filesize
256KB

Download
memory/1032-3-0x0000000074B50000-0x00000000750FB000-memory.dmp

Filesize
5.7MB

Download