53c44b626b2754cf3ef77dc1ba7cb9ef39b5a33539915c2b9c2420aaac15c129

Analysis

max time kernel
8s
max time network
28s
platform
windows7_x64
resource
win7-20231215-en
resource tags

arch:x64arch:x86image:win7-20231215-enlocale:en-usos:windows7-x64system
submitted
24/12/2023, 17:53

Target

09bbefd6cf13e2ff9638f32545bec716.dll
Size

92KB
MD5

09bbefd6cf13e2ff9638f32545bec716
SHA1

c12cde705f79aa6350286ee2292f5248c7e50ff3
SHA256

53c44b626b2754cf3ef77dc1ba7cb9ef39b5a33539915c2b9c2420aaac15c129
SHA512

4e3eef885b6e7fdb9541e2b1bb750453c08e0fb0cc95d4a2a073656c9d3a618eb0b4b013b9cda8e0457e71ac65e31b05d326bcb80479bd5cdbdd9f43c3ca1cc4
SSDEEP

1536:EpBxLYP2hwMBlUKI4kLsbid+QZMvx685A9nZyILcnPH/:EPd7wMBqMkYe4QSJ68S9AIwnPH/

Score

1^/10

Suspicious use of WriteProcessMemory 7 IoCs

description	pid	Process	procid_target
PID 1036 wrote to memory of 2520	1036	rundll32.exe	28
PID 1036 wrote to memory of 2520	1036	rundll32.exe	28
PID 1036 wrote to memory of 2520	1036	rundll32.exe	28
PID 1036 wrote to memory of 2520	1036	rundll32.exe	28
PID 1036 wrote to memory of 2520	1036	rundll32.exe	28
PID 1036 wrote to memory of 2520	1036	rundll32.exe	28
PID 1036 wrote to memory of 2520	1036	rundll32.exe	28

C:\Windows\system32\rundll32.exe
rundll32.exe C:\Users\Admin\AppData\Local\Temp\09bbefd6cf13e2ff9638f32545bec716.dll,#1
1⤵
- Suspicious use of WriteProcessMemory
PID:1036
- C:\Windows\SysWOW64\rundll32.exe
  rundll32.exe C:\Users\Admin\AppData\Local\Temp\09bbefd6cf13e2ff9638f32545bec716.dll,#1
  2⤵
  PID:2520

memory/2520-0-0x00000000001C0000-0x00000000001F1000-memory.dmp

Filesize
196KB

Download
memory/2520-1-0x00000000001C0000-0x00000000001F1000-memory.dmp

Filesize
196KB

Download
memory/2520-2-0x00000000001C0000-0x00000000001F1000-memory.dmp

Filesize
196KB

Download
memory/2520-3-0x00000000001C0000-0x00000000001C2000-memory.dmp

Filesize
8KB

Download