cb7c5f7cb7409f66d5315ff169fc9a303712aa9d9632c025824911a29bc0e7ad

Analysis

max time kernel
117s
max time network
118s
platform
windows7_x64
resource
win7-20231215-en
resource tags

arch:x64arch:x86image:win7-20231215-enlocale:en-usos:windows7-x64system
submitted
25-12-2023 04:50

Target

062134eaf41ffe472e21c51d4f0cb11d.dll
Size

48KB
MD5

062134eaf41ffe472e21c51d4f0cb11d
SHA1

2d0346ec3448cb03db857dc66aadf9ad7886640c
SHA256

cb7c5f7cb7409f66d5315ff169fc9a303712aa9d9632c025824911a29bc0e7ad
SHA512

a071b2d01a7db6353762bb69b6891755b120ab739592ac9370dcf73b0b19dfb284d3c7aef2e8c1839fc443fad4354baefba10e71b472115eea4b93b06b02c47d
SSDEEP

768:KTeeBtNrWoqmNeCmHCdc25zUYQuDoJz15OaJ366PraYQqhzV026RkTNk:ly2Jm1dlKukJz13JbWOVWmJk

Score

1^/10

Suspicious use of WriteProcessMemory 7 IoCs

description	pid	Process	procid_target
PID 2520 wrote to memory of 2124	2520	rundll32.exe	15
PID 2520 wrote to memory of 2124	2520	rundll32.exe	15
PID 2520 wrote to memory of 2124	2520	rundll32.exe	15
PID 2520 wrote to memory of 2124	2520	rundll32.exe	15
PID 2520 wrote to memory of 2124	2520	rundll32.exe	15
PID 2520 wrote to memory of 2124	2520	rundll32.exe	15
PID 2520 wrote to memory of 2124	2520	rundll32.exe	15

C:\Windows\system32\rundll32.exe
rundll32.exe C:\Users\Admin\AppData\Local\Temp\062134eaf41ffe472e21c51d4f0cb11d.dll,#1
1⤵
- Suspicious use of WriteProcessMemory
PID:2520
- C:\Windows\SysWOW64\rundll32.exe
  rundll32.exe C:\Users\Admin\AppData\Local\Temp\062134eaf41ffe472e21c51d4f0cb11d.dll,#1
  2⤵
  PID:2124

memory/2124-2-0x0000000010000000-0x0000000010021000-memory.dmp

Filesize
132KB

Download
memory/2124-1-0x0000000010000000-0x0000000010021000-memory.dmp

Filesize
132KB

Download
memory/2124-0-0x0000000010000000-0x0000000010021000-memory.dmp

Filesize
132KB

Download