bdd396a889642c8304b5cee8714cc59c618f5d1b3b7cc1841f12bf18fe14396d

Analysis

max time kernel
119s
max time network
120s
platform
windows7_x64
resource
win7-20231215-en
resource tags

arch:x64arch:x86image:win7-20231215-enlocale:en-usos:windows7-x64system
submitted
24-12-2023 23:26

Target

196fb10caa62a183981bb3bba22f24b1.dll
Size

86KB
MD5

196fb10caa62a183981bb3bba22f24b1
SHA1

0ffafdc708ea1d90101a290a2c110e8e632d8ee1
SHA256

bdd396a889642c8304b5cee8714cc59c618f5d1b3b7cc1841f12bf18fe14396d
SHA512

0d4cf30a75821cc82215ef11719b4b263465c0d20ac484de0f31bd1b024de0b7c9151e054a9c98265200052658f5619f444b3aea15d553c007b27d178fec651a
SSDEEP

1536:aJLGTcJbhqQtOh4uwFbkOFHfNCG4BUILyokru1l6o1/n6g2HKd:oLGkgQgRIbkG0TBRUg2HKd

Score

1^/10

Suspicious use of WriteProcessMemory 7 IoCs

description	pid	Process	procid_target
PID 700 wrote to memory of 1684	700	rundll32.exe	28
PID 700 wrote to memory of 1684	700	rundll32.exe	28
PID 700 wrote to memory of 1684	700	rundll32.exe	28
PID 700 wrote to memory of 1684	700	rundll32.exe	28
PID 700 wrote to memory of 1684	700	rundll32.exe	28
PID 700 wrote to memory of 1684	700	rundll32.exe	28
PID 700 wrote to memory of 1684	700	rundll32.exe	28

C:\Windows\system32\rundll32.exe
rundll32.exe C:\Users\Admin\AppData\Local\Temp\196fb10caa62a183981bb3bba22f24b1.dll,#1
1⤵
- Suspicious use of WriteProcessMemory
PID:700
- C:\Windows\SysWOW64\rundll32.exe
  rundll32.exe C:\Users\Admin\AppData\Local\Temp\196fb10caa62a183981bb3bba22f24b1.dll,#1
  2⤵
  PID:1684