5df19e05637d8e0e0190bae7b6ba010f279a96582dba86fa51e163e677b7f955

Analysis

max time kernel
122s
max time network
135s
platform
windows7_x64
resource
win7-20231215-en
resource tags

arch:x64arch:x86image:win7-20231215-enlocale:en-usos:windows7-x64system
submitted
25-12-2023 07:31

Target

0ef193f176c545a9f85550889e702b30.dll
Size

100KB
MD5

0ef193f176c545a9f85550889e702b30
SHA1

7b64c436fc67061bf52110651d5abf11deb0d020
SHA256

5df19e05637d8e0e0190bae7b6ba010f279a96582dba86fa51e163e677b7f955
SHA512

312066930b0cb6a3db940b56a427afea70163d08014198a0ff131be6a347f1fffd820f9d06d76b3d6052da06d37cd9c077f6aabb95ff1eb7514802d01790de64
SSDEEP

3072:b8eRT3/eupeR3m17DnObeWQYirufflncIACjg0YcYmbRIryLcfBq8iOOW:lmHmHtV4dcaYJmbRrGBqjW

Score

1^/10

Suspicious use of WriteProcessMemory 7 IoCs

description	pid	Process	procid_target
PID 2596 wrote to memory of 1444	2596	rundll32.exe	16
PID 2596 wrote to memory of 1444	2596	rundll32.exe	16
PID 2596 wrote to memory of 1444	2596	rundll32.exe	16
PID 2596 wrote to memory of 1444	2596	rundll32.exe	16
PID 2596 wrote to memory of 1444	2596	rundll32.exe	16
PID 2596 wrote to memory of 1444	2596	rundll32.exe	16
PID 2596 wrote to memory of 1444	2596	rundll32.exe	16

C:\Windows\system32\rundll32.exe
rundll32.exe C:\Users\Admin\AppData\Local\Temp\0ef193f176c545a9f85550889e702b30.dll,#1
1⤵
- Suspicious use of WriteProcessMemory
PID:2596
- C:\Windows\SysWOW64\rundll32.exe
  rundll32.exe C:\Users\Admin\AppData\Local\Temp\0ef193f176c545a9f85550889e702b30.dll,#1
  2⤵
  PID:1444

memory/1444-6-0x0000000000160000-0x000000000016A000-memory.dmp

Filesize
40KB

Download
memory/1444-5-0x0000000000160000-0x000000000016A000-memory.dmp

Filesize
40KB

Download
memory/1444-1-0x0000000010000000-0x0000000010024000-memory.dmp

Filesize
144KB

Download
memory/1444-0-0x0000000000160000-0x000000000016A000-memory.dmp

Filesize
40KB

Download