70765af4e62f53adabe0872f38df0c84f4809321e80f341874f9f6c093fa23b8

Analysis

max time kernel
119s
max time network
123s
platform
windows7_x64
resource
win7-20231215-en
resource tags

arch:x64arch:x86image:win7-20231215-enlocale:en-usos:windows7-x64system
submitted
24-12-2023 22:57

Target

177f531d10e02f34c00d3105759b3031.dll
Size

146KB
MD5

177f531d10e02f34c00d3105759b3031
SHA1

e5412118574df74fdf444c86df1ce2d0cc51d950
SHA256

70765af4e62f53adabe0872f38df0c84f4809321e80f341874f9f6c093fa23b8
SHA512

b1c4395abb95746321d538a3d3b8a113411ba6a6790dfa5f1ece952165104bc1ae3b03d58eb8184e1ad94992b4e44dc1e44fce7fd03ec3c1976c539c69d3db33
SSDEEP

3072:s/inUh2LG3l1ygQ/fjoWuoBP6N1sZ9PlybGbdLrMvKYQJakH7:s/iUh2a11ygK+OQ499bdMvRC7

Score

1^/10

Suspicious use of WriteProcessMemory 7 IoCs

description	pid	Process	procid_target
PID 2804 wrote to memory of 2864	2804	rundll32.exe	27
PID 2804 wrote to memory of 2864	2804	rundll32.exe	27
PID 2804 wrote to memory of 2864	2804	rundll32.exe	27
PID 2804 wrote to memory of 2864	2804	rundll32.exe	27
PID 2804 wrote to memory of 2864	2804	rundll32.exe	27
PID 2804 wrote to memory of 2864	2804	rundll32.exe	27
PID 2804 wrote to memory of 2864	2804	rundll32.exe	27

C:\Windows\system32\rundll32.exe
rundll32.exe C:\Users\Admin\AppData\Local\Temp\177f531d10e02f34c00d3105759b3031.dll,#1
1⤵
- Suspicious use of WriteProcessMemory
PID:2804
- C:\Windows\SysWOW64\rundll32.exe
  rundll32.exe C:\Users\Admin\AppData\Local\Temp\177f531d10e02f34c00d3105759b3031.dll,#1
  2⤵
  PID:2864

memory/2864-0-0x0000000010000000-0x0000000010031000-memory.dmp

Filesize
196KB

Download
memory/2864-1-0x0000000000160000-0x000000000016A000-memory.dmp

Filesize
40KB

Download
memory/2864-5-0x0000000000160000-0x000000000016A000-memory.dmp

Filesize
40KB

Download
memory/2864-6-0x0000000000160000-0x000000000016A000-memory.dmp

Filesize
40KB

Download