0aa28ee5a9fa52a1325ded046ea0f1174002fdc16b8d1d354711ed5e18c586fc

Analysis

max time kernel
122s
max time network
135s
platform
windows7_x64
resource
win7-20231215-en
resource tags

arch:x64arch:x86image:win7-20231215-enlocale:en-usos:windows7-x64system
submitted
24/12/2023, 15:30

Target

03abcb5d09d88987598915e7d7b815df.dll
Size

32KB
MD5

03abcb5d09d88987598915e7d7b815df
SHA1

f5ebbd808687e8aae51d0bcb311d0c79d31bc2bc
SHA256

0aa28ee5a9fa52a1325ded046ea0f1174002fdc16b8d1d354711ed5e18c586fc
SHA512

74290c801451b8eecd8ddc433f043c010ae96259fb26a1d650d911690375f3553860bbf7be902fc8dcb6967334b0856c0bea2f20fa9cfe26616f24270f25dbbf
SSDEEP

768:r6d7ris3HEFN6sy86Qtj5Pdp7twAcj2uPey7Hq8Dr5k0OqOEQRAY//LN:r6d7ris+6sy86Qtj5Pdp7twAu2up7HqP

Score

1^/10

Suspicious use of WriteProcessMemory 7 IoCs

description	pid	Process	procid_target
PID 2468 wrote to memory of 3056	2468	rundll32.exe	28
PID 2468 wrote to memory of 3056	2468	rundll32.exe	28
PID 2468 wrote to memory of 3056	2468	rundll32.exe	28
PID 2468 wrote to memory of 3056	2468	rundll32.exe	28
PID 2468 wrote to memory of 3056	2468	rundll32.exe	28
PID 2468 wrote to memory of 3056	2468	rundll32.exe	28
PID 2468 wrote to memory of 3056	2468	rundll32.exe	28

C:\Windows\system32\rundll32.exe
rundll32.exe C:\Users\Admin\AppData\Local\Temp\03abcb5d09d88987598915e7d7b815df.dll,#1
1⤵
- Suspicious use of WriteProcessMemory
PID:2468
- C:\Windows\SysWOW64\rundll32.exe
  rundll32.exe C:\Users\Admin\AppData\Local\Temp\03abcb5d09d88987598915e7d7b815df.dll,#1
  2⤵
  PID:3056