21c73d01d80873ed9350f5cae6b736fefa4c734ac2ee6a0ee6dce736a878be8e

Analysis

max time kernel
122s
max time network
137s
platform
windows7_x64
resource
win7-20231215-en
resource tags

arch:x64arch:x86image:win7-20231215-enlocale:en-usos:windows7-x64system
submitted
25/12/2023, 22:27

Target

401b33266ae9ff2bc647fd465998977f.dll
Size

512KB
MD5

401b33266ae9ff2bc647fd465998977f
SHA1

8ce6767fcd0b67ea1b75e97de4635002cc2e623e
SHA256

21c73d01d80873ed9350f5cae6b736fefa4c734ac2ee6a0ee6dce736a878be8e
SHA512

43ef8717fd2000b16cd8377e8ba0e962fd8c15d88bc70330a5c3ba5d65f25abf88b4b22af7cde435426aa1990e85c9c730d450d231eb7d281357fe766e9141de
SSDEEP

12288:16v8NYtPx4FOcR07TZKo5Oe9vg9zhSho2/h+2OhS2H2Y2NhBhghH252rh12k2r2q:JNYlcR0xKoJ9vg9i

Score

1^/10

Suspicious use of WriteProcessMemory 7 IoCs

description	pid	Process	procid_target
PID 2332 wrote to memory of 2732	2332	rundll32.exe	27
PID 2332 wrote to memory of 2732	2332	rundll32.exe	27
PID 2332 wrote to memory of 2732	2332	rundll32.exe	27
PID 2332 wrote to memory of 2732	2332	rundll32.exe	27
PID 2332 wrote to memory of 2732	2332	rundll32.exe	27
PID 2332 wrote to memory of 2732	2332	rundll32.exe	27
PID 2332 wrote to memory of 2732	2332	rundll32.exe	27

C:\Windows\system32\rundll32.exe
rundll32.exe C:\Users\Admin\AppData\Local\Temp\401b33266ae9ff2bc647fd465998977f.dll,#1
1⤵
- Suspicious use of WriteProcessMemory
PID:2332
- C:\Windows\SysWOW64\rundll32.exe
  rundll32.exe C:\Users\Admin\AppData\Local\Temp\401b33266ae9ff2bc647fd465998977f.dll,#1
  2⤵
  PID:2732