f008aae7288355f4fb3c1b9aacad81a3879e818270facd1738b32522c4f6ae92

Analysis

max time kernel
120s
max time network
125s
platform
windows7_x64
resource
win7-20231215-en
resource tags

arch:x64arch:x86image:win7-20231215-enlocale:en-usos:windows7-x64system
submitted
24/12/2023, 22:12

Target

14d911b5d2d411d37dca8dcbfa0dfd84.dll
Size

87KB
MD5

14d911b5d2d411d37dca8dcbfa0dfd84
SHA1

1fe771271abb9bb61bd848bca09a980f5e8bcb24
SHA256

f008aae7288355f4fb3c1b9aacad81a3879e818270facd1738b32522c4f6ae92
SHA512

74edba2583e71bafc03cb52c8009213aae091ab87246c5fdb08a801299ec664a271d679c170810357866889af4f03ad1652378d326e6bbd36c7a04120330cedb
SSDEEP

1536:d0w1n9uYWx1rzjs3W7ZmO+OqbN9klqq2WfAyvkoREAGDPV973dti9/og4:z19Or0xOzqbnkndAqY5dkoT

Score

1^/10

Suspicious use of WriteProcessMemory 7 IoCs

description	pid	Process	procid_target
PID 1896 wrote to memory of 2512	1896	rundll32.exe	14
PID 1896 wrote to memory of 2512	1896	rundll32.exe	14
PID 1896 wrote to memory of 2512	1896	rundll32.exe	14
PID 1896 wrote to memory of 2512	1896	rundll32.exe	14
PID 1896 wrote to memory of 2512	1896	rundll32.exe	14
PID 1896 wrote to memory of 2512	1896	rundll32.exe	14
PID 1896 wrote to memory of 2512	1896	rundll32.exe	14

C:\Windows\SysWOW64\rundll32.exe
rundll32.exe C:\Users\Admin\AppData\Local\Temp\14d911b5d2d411d37dca8dcbfa0dfd84.dll,#1
1⤵
PID:2512

C:\Windows\system32\rundll32.exe
rundll32.exe C:\Users\Admin\AppData\Local\Temp\14d911b5d2d411d37dca8dcbfa0dfd84.dll,#1
1⤵
- Suspicious use of WriteProcessMemory
PID:1896

memory/2512-2-0x0000000010000000-0x0000000010024000-memory.dmp

Filesize
144KB

Download
memory/2512-4-0x0000000000130000-0x0000000000135000-memory.dmp

Filesize
20KB

Download
memory/2512-3-0x0000000010000000-0x0000000010024000-memory.dmp

Filesize
144KB

Download
memory/2512-1-0x0000000010000000-0x0000000010024000-memory.dmp

Filesize
144KB

Download
memory/2512-0-0x0000000010000000-0x0000000010024000-memory.dmp

Filesize
144KB

Download