1381cf8a058e3ae204a90df369e8199076a1f51c06f3b1b5ffd9733dd7d8b280

Analysis

max time kernel
117s
max time network
118s
platform
windows7_x64
resource
win7-20231129-en
resource tags

arch:x64arch:x86image:win7-20231129-enlocale:en-usos:windows7-x64system
submitted
24-12-2023 22:43

Target

16a0d974a14d86196fb51c999dd9d88f.dll
Size

192KB
MD5

16a0d974a14d86196fb51c999dd9d88f
SHA1

b6a2a389595adae9d5d3dcfe515c1c021bbf5796
SHA256

1381cf8a058e3ae204a90df369e8199076a1f51c06f3b1b5ffd9733dd7d8b280
SHA512

c5e1d76a2ab1c9c35659b67dd3eff293769019a485d4f984a7b778807cd26e6dcf02727c3db3456b4da33d5b47d9fa39bf63eba401858daa8c72b67161bdf920
SSDEEP

3072:9NbpOnPsGqQTruHLD7RcQxKrrdNU0VAtrOpOOWxOv4Kn7qbjx7T/Hrmq:9NbqaLD7RcukVAtSQOWcgWqbV77Lmq

Score

1^/10

Suspicious use of WriteProcessMemory 7 IoCs

description	pid	Process	procid_target
PID 1736 wrote to memory of 952	1736	rundll32.exe	14
PID 1736 wrote to memory of 952	1736	rundll32.exe	14
PID 1736 wrote to memory of 952	1736	rundll32.exe	14
PID 1736 wrote to memory of 952	1736	rundll32.exe	14
PID 1736 wrote to memory of 952	1736	rundll32.exe	14
PID 1736 wrote to memory of 952	1736	rundll32.exe	14
PID 1736 wrote to memory of 952	1736	rundll32.exe	14

C:\Windows\SysWOW64\rundll32.exe
rundll32.exe C:\Users\Admin\AppData\Local\Temp\16a0d974a14d86196fb51c999dd9d88f.dll,#1
1⤵
PID:952

C:\Windows\system32\rundll32.exe
rundll32.exe C:\Users\Admin\AppData\Local\Temp\16a0d974a14d86196fb51c999dd9d88f.dll,#1
1⤵
- Suspicious use of WriteProcessMemory
PID:1736