2258d2c455d2241f94f86dd568e6107b54c534bb1f15bc5a84e93e3165230898

Analysis

max time kernel
118s
max time network
119s
platform
windows7_x64
resource
win7-20231129-en
resource tags

arch:x64arch:x86image:win7-20231129-enlocale:en-usos:windows7-x64system
submitted
25-12-2023 00:49

Target

1e330860d3faa3763d28c0e59fbb2bd1.dll
Size

88KB
MD5

1e330860d3faa3763d28c0e59fbb2bd1
SHA1

18ecf8dc00176463cbe0a57685695e6728d0ae1b
SHA256

2258d2c455d2241f94f86dd568e6107b54c534bb1f15bc5a84e93e3165230898
SHA512

ec6c9aa347a013887af2e211fc7677c07c05f723eaba0ba18f3192b710dcb8eff089efb89cbc9453df93696537e620abf2bb864efe46af3f19500942025bf6e0
SSDEEP

1536:RPisobWqRuCh3CnKMOqd3KagJZ4X/RGKaNO8oibDJykcyHOK7R:RPisobTh3CKMdd3KagwXJGKaNtvJTum

Score

1^/10

Suspicious use of WriteProcessMemory 7 IoCs

description	pid	Process	procid_target
PID 2436 wrote to memory of 2332	2436	rundll32.exe	12
PID 2436 wrote to memory of 2332	2436	rundll32.exe	12
PID 2436 wrote to memory of 2332	2436	rundll32.exe	12
PID 2436 wrote to memory of 2332	2436	rundll32.exe	12
PID 2436 wrote to memory of 2332	2436	rundll32.exe	12
PID 2436 wrote to memory of 2332	2436	rundll32.exe	12
PID 2436 wrote to memory of 2332	2436	rundll32.exe	12

C:\Windows\system32\rundll32.exe
rundll32.exe C:\Users\Admin\AppData\Local\Temp\1e330860d3faa3763d28c0e59fbb2bd1.dll,#1
1⤵
- Suspicious use of WriteProcessMemory
PID:2436
- C:\Windows\SysWOW64\rundll32.exe
  rundll32.exe C:\Users\Admin\AppData\Local\Temp\1e330860d3faa3763d28c0e59fbb2bd1.dll,#1
  2⤵
  PID:2332

memory/2332-0-0x0000000010000000-0x000000001002F000-memory.dmp

Filesize
188KB

Download
memory/2332-1-0x0000000010000000-0x000000001002F000-memory.dmp

Filesize
188KB

Download
memory/2332-3-0x0000000010000000-0x000000001002F000-memory.dmp

Filesize
188KB

Download
memory/2332-2-0x0000000010000000-0x000000001002F000-memory.dmp

Filesize
188KB

Download