cb6919c53d3d1605b33d6e3c581b2ed209f316c5cbcb43e6436105b7fe7a00eb

Analysis

max time kernel
120s
max time network
126s
platform
windows7_x64
resource
win7-20231215-en
resource tags

arch:x64arch:x86image:win7-20231215-enlocale:en-usos:windows7-x64system
submitted
25/12/2023, 15:36

Target

29c6062ea8dc25361a9f418f48050abd.dll
Size

291KB
MD5

29c6062ea8dc25361a9f418f48050abd
SHA1

693177ee95fb6468acd563ed46d300c401aeedd4
SHA256

cb6919c53d3d1605b33d6e3c581b2ed209f316c5cbcb43e6436105b7fe7a00eb
SHA512

c3a8898a695ab94b19e071109cba6013b992be33e9d3ef8bb33a094abbb26c44e5e584b4202062cba2d340c6008e7082f16b8663b6ab10c70609f30a9a66f6c7
SSDEEP

6144:GA1wTB+aXRAiNsZDXdBqEc4gga0NeYhNuOncD6v5xIQrS31:ql+aBANZDXdBm4VakuOcD6hxIR3

Score

1^/10

Suspicious use of WriteProcessMemory 7 IoCs

description	pid	Process	procid_target
PID 2164 wrote to memory of 2508	2164	rundll32.exe	28
PID 2164 wrote to memory of 2508	2164	rundll32.exe	28
PID 2164 wrote to memory of 2508	2164	rundll32.exe	28
PID 2164 wrote to memory of 2508	2164	rundll32.exe	28
PID 2164 wrote to memory of 2508	2164	rundll32.exe	28
PID 2164 wrote to memory of 2508	2164	rundll32.exe	28
PID 2164 wrote to memory of 2508	2164	rundll32.exe	28

C:\Windows\system32\rundll32.exe
rundll32.exe C:\Users\Admin\AppData\Local\Temp\29c6062ea8dc25361a9f418f48050abd.dll,#1
1⤵
- Suspicious use of WriteProcessMemory
PID:2164
- C:\Windows\SysWOW64\rundll32.exe
  rundll32.exe C:\Users\Admin\AppData\Local\Temp\29c6062ea8dc25361a9f418f48050abd.dll,#1
  2⤵
  PID:2508

memory/2508-0-0x0000000000670000-0x000000000067C000-memory.dmp

Filesize
48KB

Download
memory/2508-1-0x0000000010000000-0x0000000010067000-memory.dmp

Filesize
412KB

Download