0e5a1848f20fb9ca227676682c7645ae1c46dbd2947024d0b6c7f8e1d6a53a24

Analysis

max time kernel
120s
max time network
125s
platform
windows7_x64
resource
win7-20231215-en
resource tags

arch:x64arch:x86image:win7-20231215-enlocale:en-usos:windows7-x64system
submitted
22/12/2023, 09:36

Target

81cbdfcf6208cf58cb2c6ca6da33f16b.dll
Size

29KB
MD5

81cbdfcf6208cf58cb2c6ca6da33f16b
SHA1

ce4157d2954f316834a859183950960c72baea22
SHA256

0e5a1848f20fb9ca227676682c7645ae1c46dbd2947024d0b6c7f8e1d6a53a24
SHA512

200f69da309131f169ddd9165f33a959f92800fa3ec06180bdacd7a14ff8ecc8dbd56b63d3d8e1ecfd6e4d3095d6c500db9e04d9f125bad5c7026122032521a1
SSDEEP

768:O5y3E52rDxluCgtQ7Y0bfPURUhD6Dr3vCZPBrmonX1lNFajt2IxKC:Oo3E5ztQ7xbfPXhDSr/CtBycbvWfxKC

Score

1^/10

Suspicious use of WriteProcessMemory 7 IoCs

description	pid	Process	procid_target
PID 2444 wrote to memory of 2456	2444	rundll32.exe	28
PID 2444 wrote to memory of 2456	2444	rundll32.exe	28
PID 2444 wrote to memory of 2456	2444	rundll32.exe	28
PID 2444 wrote to memory of 2456	2444	rundll32.exe	28
PID 2444 wrote to memory of 2456	2444	rundll32.exe	28
PID 2444 wrote to memory of 2456	2444	rundll32.exe	28
PID 2444 wrote to memory of 2456	2444	rundll32.exe	28

C:\Windows\system32\rundll32.exe
rundll32.exe C:\Users\Admin\AppData\Local\Temp\81cbdfcf6208cf58cb2c6ca6da33f16b.dll,#1
1⤵
- Suspicious use of WriteProcessMemory
PID:2444
- C:\Windows\SysWOW64\rundll32.exe
  rundll32.exe C:\Users\Admin\AppData\Local\Temp\81cbdfcf6208cf58cb2c6ca6da33f16b.dll,#1
  2⤵
  PID:2456