005c589baa2b0b9a4ab49cc7a50c4d132f911f81f7e394ef9a2b7b7c6cc058b4

Analysis

max time kernel
122s
max time network
128s
platform
windows7_x64
resource
win7-20231215-en
resource tags

arch:x64arch:x86image:win7-20231215-enlocale:en-usos:windows7-x64system
submitted
25/12/2023, 01:14

Target

1fab2fac8e63b0fe6fa6575c47406a37.dll
Size

73KB
MD5

1fab2fac8e63b0fe6fa6575c47406a37
SHA1

dad2c5f6d01eead0417262626589d3ff4d442b64
SHA256

005c589baa2b0b9a4ab49cc7a50c4d132f911f81f7e394ef9a2b7b7c6cc058b4
SHA512

cf6f38cef6f60152facfcbef57e79a1cf37dfa41c5157a4e82ec293f2e05d320c078886a556edac05d541b6cb882bad3fe2122f3e3f0702e2acd74cc96881337
SSDEEP

768:3YUvvQrPHrtT7mV1+gb59LYKTVd+TFWK4eoJDeX9ZMmNcZkfKNvQ7HiH/L:3YUaPVmV1Db/L7uFWK4e19Iki5vf

Score

1^/10

Suspicious use of WriteProcessMemory 7 IoCs

description	pid	Process	procid_target
PID 2888 wrote to memory of 2312	2888	rundll32.exe	28
PID 2888 wrote to memory of 2312	2888	rundll32.exe	28
PID 2888 wrote to memory of 2312	2888	rundll32.exe	28
PID 2888 wrote to memory of 2312	2888	rundll32.exe	28
PID 2888 wrote to memory of 2312	2888	rundll32.exe	28
PID 2888 wrote to memory of 2312	2888	rundll32.exe	28
PID 2888 wrote to memory of 2312	2888	rundll32.exe	28

C:\Windows\system32\rundll32.exe
rundll32.exe C:\Users\Admin\AppData\Local\Temp\1fab2fac8e63b0fe6fa6575c47406a37.dll,#1
1⤵
- Suspicious use of WriteProcessMemory
PID:2888
- C:\Windows\SysWOW64\rundll32.exe
  rundll32.exe C:\Users\Admin\AppData\Local\Temp\1fab2fac8e63b0fe6fa6575c47406a37.dll,#1
  2⤵
  PID:2312

memory/2312-0-0x0000000040960000-0x0000000040971000-memory.dmp

Filesize
68KB

Download