1b59ce899a0d04bff181bcc310c75f5712a7a248fa1d73f9e69d935ced9d840f

Analysis

max time kernel
120s
max time network
121s
platform
windows7_x64
resource
win7-20231215-en
resource tags

arch:x64arch:x86image:win7-20231215-enlocale:en-usos:windows7-x64system
submitted
22/12/2023, 10:02

Target

8371f9730432fa8349b10fd1fe6c1996.dll
Size

660KB
MD5

8371f9730432fa8349b10fd1fe6c1996
SHA1

6b0cd7a888ff98808f0f05712e1795ae920b5459
SHA256

1b59ce899a0d04bff181bcc310c75f5712a7a248fa1d73f9e69d935ced9d840f
SHA512

a24873b100062c735e0ae8ae3634d00050cdf1609f9ebfe6cae49cd8de26aaf391b87ac08d6f88f44fc926bd11f9957bca2faab0aad67bd581c2feee0d10bede
SSDEEP

12288:JtLFCVOy3/nHTsNaHswwpnD8BX8LGthJ1NSII3VkSEtCQ:J5sVLnHTaaGQsLGz70JO

Score

1^/10

Suspicious use of WriteProcessMemory 7 IoCs

description	pid	Process	procid_target
PID 2140 wrote to memory of 2304	2140	rundll32.exe	16
PID 2140 wrote to memory of 2304	2140	rundll32.exe	16
PID 2140 wrote to memory of 2304	2140	rundll32.exe	16
PID 2140 wrote to memory of 2304	2140	rundll32.exe	16
PID 2140 wrote to memory of 2304	2140	rundll32.exe	16
PID 2140 wrote to memory of 2304	2140	rundll32.exe	16
PID 2140 wrote to memory of 2304	2140	rundll32.exe	16

C:\Windows\system32\rundll32.exe
rundll32.exe C:\Users\Admin\AppData\Local\Temp\8371f9730432fa8349b10fd1fe6c1996.dll,#1
1⤵
- Suspicious use of WriteProcessMemory
PID:2140
- C:\Windows\SysWOW64\rundll32.exe
  rundll32.exe C:\Users\Admin\AppData\Local\Temp\8371f9730432fa8349b10fd1fe6c1996.dll,#1
  2⤵
  PID:2304

memory/2304-1-0x0000000074A30000-0x0000000074ADA000-memory.dmp

Filesize
680KB

Download
memory/2304-0-0x0000000074990000-0x00000000749A3000-memory.dmp

Filesize
76KB

Download