159f51288a9e3ed5fe186b2fa02bd81640ccb975c0cbf8e98c2af6354f9ffd9c

Analysis

max time kernel
121s
max time network
150s
platform
windows7_x64
resource
win7-20231215-en
resource tags

arch:x64arch:x86image:win7-20231215-enlocale:en-usos:windows7-x64system
submitted
25/12/2023, 03:33

Target

0353d3312e1f36e1df83f2d68236c45d.dll
Size

141KB
MD5

0353d3312e1f36e1df83f2d68236c45d
SHA1

362030cf9b01ca01d421e579838b236af290dcd2
SHA256

159f51288a9e3ed5fe186b2fa02bd81640ccb975c0cbf8e98c2af6354f9ffd9c
SHA512

843880b941d3f53cde3f6001c83ef032229b9f2ce4622f072e4b6c749c13d115cd6ae2dcd0da709aef113fb2a2fc403d31eee3f681885b49b58fc3c1f4fb55bb
SSDEEP

3072:/ECAJhkdOP17s/qaOi08OwyHxcnZGCCXl11PllV1V:/EvgOP17s/F08OaoCC1vl1V

Score

1^/10

Suspicious use of WriteProcessMemory 7 IoCs

description	pid	Process	procid_target
PID 2592 wrote to memory of 3032	2592	rundll32.exe	29
PID 2592 wrote to memory of 3032	2592	rundll32.exe	29
PID 2592 wrote to memory of 3032	2592	rundll32.exe	29
PID 2592 wrote to memory of 3032	2592	rundll32.exe	29
PID 2592 wrote to memory of 3032	2592	rundll32.exe	29
PID 2592 wrote to memory of 3032	2592	rundll32.exe	29
PID 2592 wrote to memory of 3032	2592	rundll32.exe	29

C:\Windows\system32\rundll32.exe
rundll32.exe C:\Users\Admin\AppData\Local\Temp\0353d3312e1f36e1df83f2d68236c45d.dll,#1
1⤵
- Suspicious use of WriteProcessMemory
PID:2592
- C:\Windows\SysWOW64\rundll32.exe
  rundll32.exe C:\Users\Admin\AppData\Local\Temp\0353d3312e1f36e1df83f2d68236c45d.dll,#1
  2⤵
  PID:3032