39cc1f20a86743d944825d71586232b10e13e51837c5d2337f32c304a85a5d1d

Analysis

max time kernel
119s
max time network
125s
platform
windows7_x64
resource
win7-20231215-en
resource tags

arch:x64arch:x86image:win7-20231215-enlocale:en-usos:windows7-x64system
submitted
25-12-2023 22:58

Target

41ab914bf970b95cfd24570507a1641d.dll
Size

85KB
MD5

41ab914bf970b95cfd24570507a1641d
SHA1

bce6876fc38ffbd3c93b5fa54a6c78ccb7976cf9
SHA256

39cc1f20a86743d944825d71586232b10e13e51837c5d2337f32c304a85a5d1d
SHA512

b1580e7e30a2350c3d092604e9d5c0740de7b9ea30544f1c0418df67c7260be651854079128bdcc8ce57aa3ff8761608020a731a90b4bb1b93172e6e94627094
SSDEEP

1536:5gmZk7ctwuOh8zyunm68m5hBlBk0eSs1NZ4YLN+eezXqgmICULHr3gN:5gmZmctwJUywmrm5hRMSaMf7mI3a

Score

1^/10

Suspicious use of WriteProcessMemory 7 IoCs

description	pid	Process	procid_target
PID 2652 wrote to memory of 2508	2652	rundll32.exe	28
PID 2652 wrote to memory of 2508	2652	rundll32.exe	28
PID 2652 wrote to memory of 2508	2652	rundll32.exe	28
PID 2652 wrote to memory of 2508	2652	rundll32.exe	28
PID 2652 wrote to memory of 2508	2652	rundll32.exe	28
PID 2652 wrote to memory of 2508	2652	rundll32.exe	28
PID 2652 wrote to memory of 2508	2652	rundll32.exe	28

C:\Windows\system32\rundll32.exe
rundll32.exe C:\Users\Admin\AppData\Local\Temp\41ab914bf970b95cfd24570507a1641d.dll,#1
1⤵
- Suspicious use of WriteProcessMemory
PID:2652
- C:\Windows\SysWOW64\rundll32.exe
  rundll32.exe C:\Users\Admin\AppData\Local\Temp\41ab914bf970b95cfd24570507a1641d.dll,#1
  2⤵
  PID:2508

memory/2508-0-0x0000000010000000-0x0000000010029000-memory.dmp

Filesize
164KB

Download
memory/2508-1-0x0000000010000000-0x0000000010029000-memory.dmp

Filesize
164KB

Download
memory/2508-2-0x0000000010000000-0x0000000010029000-memory.dmp

Filesize
164KB

Download
memory/2508-3-0x0000000010000000-0x0000000010029000-memory.dmp

Filesize
164KB

Download