554036c724e41c2f17e1a835c8ec758d2f50173a45426ca724aa231fc588fed6

Analysis

max time kernel
121s
max time network
122s
platform
windows7_x64
resource
win7-20231215-en
resource tags

arch:x64arch:x86image:win7-20231215-enlocale:en-usos:windows7-x64system
submitted
25/12/2023, 09:00

Target

138f0fce461d18d43ea89a369ed6e28c.dll
Size

144KB
MD5

138f0fce461d18d43ea89a369ed6e28c
SHA1

db104d8f59e08c3f32db006f5c07a8c49213c994
SHA256

554036c724e41c2f17e1a835c8ec758d2f50173a45426ca724aa231fc588fed6
SHA512

ec4c269197969c93c29c436b9a2165c5ad0e5c6cfe74609ff5c195fdebaeacbc3c4518455be7e3fbaa8464121cfedd9b3d37f65ef43d54a18a3b5a3b77ec3858
SSDEEP

3072:3pR/j8Mui4vNaJZEVU67FC52k99geYK4W6mHHvv7VCiy:5ecdZElQ52klB4WLH77y

Score

1^/10

Suspicious use of WriteProcessMemory 7 IoCs

description	pid	Process	procid_target
PID 2052 wrote to memory of 2932	2052	rundll32.exe	28
PID 2052 wrote to memory of 2932	2052	rundll32.exe	28
PID 2052 wrote to memory of 2932	2052	rundll32.exe	28
PID 2052 wrote to memory of 2932	2052	rundll32.exe	28
PID 2052 wrote to memory of 2932	2052	rundll32.exe	28
PID 2052 wrote to memory of 2932	2052	rundll32.exe	28
PID 2052 wrote to memory of 2932	2052	rundll32.exe	28

C:\Windows\system32\rundll32.exe
rundll32.exe C:\Users\Admin\AppData\Local\Temp\138f0fce461d18d43ea89a369ed6e28c.dll,#1
1⤵
- Suspicious use of WriteProcessMemory
PID:2052
- C:\Windows\SysWOW64\rundll32.exe
  rundll32.exe C:\Users\Admin\AppData\Local\Temp\138f0fce461d18d43ea89a369ed6e28c.dll,#1
  2⤵
  PID:2932