e8f5f8c03d65db5662b4531237bfdb95120f9b5f17359b405581040136e6030a

Analysis

max time kernel
117s
max time network
120s
platform
windows7_x64
resource
win7-20231215-en
resource tags

arch:x64arch:x86image:win7-20231215-enlocale:en-usos:windows7-x64system
submitted
24-12-2023 23:24

Target

1959a0c2e62064d31a678fb69cd04fe3.dll
Size

161KB
MD5

1959a0c2e62064d31a678fb69cd04fe3
SHA1

3f6d43a9e834345f609a1d4a67293dde543ea09b
SHA256

e8f5f8c03d65db5662b4531237bfdb95120f9b5f17359b405581040136e6030a
SHA512

949e8649aaf3b59e8605bb0262cdfa1753a3b0a2ba8702b66c895be5325800c290f66ae3a51d86f6bb80121d0e83c5171f2f0354a4dbf3c3b73b342e53ab621a
SSDEEP

3072:4ZO4Rd/yv8GoZegvVSbymnDSnyHOTgkTCxktFy7JHVf:F4r/iEIznun5gsdW7NVf

Score

1^/10

Suspicious use of WriteProcessMemory 7 IoCs

description	pid	Process	procid_target
PID 1424 wrote to memory of 2240	1424	rundll32.exe	28
PID 1424 wrote to memory of 2240	1424	rundll32.exe	28
PID 1424 wrote to memory of 2240	1424	rundll32.exe	28
PID 1424 wrote to memory of 2240	1424	rundll32.exe	28
PID 1424 wrote to memory of 2240	1424	rundll32.exe	28
PID 1424 wrote to memory of 2240	1424	rundll32.exe	28
PID 1424 wrote to memory of 2240	1424	rundll32.exe	28

C:\Windows\system32\rundll32.exe
rundll32.exe C:\Users\Admin\AppData\Local\Temp\1959a0c2e62064d31a678fb69cd04fe3.dll,#1
1⤵
- Suspicious use of WriteProcessMemory
PID:1424
- C:\Windows\SysWOW64\rundll32.exe
  rundll32.exe C:\Users\Admin\AppData\Local\Temp\1959a0c2e62064d31a678fb69cd04fe3.dll,#1
  2⤵
  PID:2240