e1d5fc2e1a7decb42ca4d86ed5a680d0c49d67325a7d2b1263a0af09568bf50b

Analysis

max time kernel
120s
max time network
124s
platform
windows7_x64
resource
win7-20231215-en
resource tags

arch:x64arch:x86image:win7-20231215-enlocale:en-usos:windows7-x64system
submitted
25/12/2023, 17:09

Target

2fbf66def68e86714dfcc7ffccc4994d.dll
Size

168KB
MD5

2fbf66def68e86714dfcc7ffccc4994d
SHA1

7d1ab0e0bf65ce70c2c187366122aa216d36db77
SHA256

e1d5fc2e1a7decb42ca4d86ed5a680d0c49d67325a7d2b1263a0af09568bf50b
SHA512

a74d1aa34b57a59ee32eb1285aa460a3947cd4b7c34bac74a2e1327f8128ac33ed8f5da7bf83851f59406a7ff662f3423ae2a85aad8e27b61f364116e1cb205a
SSDEEP

3072:k1IM6ptoGzKtuNMSL1KyY6cDcw6IKPhjoXfhFYex1j2UuZiVeqUL4vlX5h3sqm:wITtzc8xt1PmXfrbl2dqUMvl5

Score

1^/10

Suspicious use of WriteProcessMemory 7 IoCs

description	pid	Process	procid_target
PID 1144 wrote to memory of 2132	1144	rundll32.exe	15
PID 1144 wrote to memory of 2132	1144	rundll32.exe	15
PID 1144 wrote to memory of 2132	1144	rundll32.exe	15
PID 1144 wrote to memory of 2132	1144	rundll32.exe	15
PID 1144 wrote to memory of 2132	1144	rundll32.exe	15
PID 1144 wrote to memory of 2132	1144	rundll32.exe	15
PID 1144 wrote to memory of 2132	1144	rundll32.exe	15

C:\Windows\system32\rundll32.exe
rundll32.exe C:\Users\Admin\AppData\Local\Temp\2fbf66def68e86714dfcc7ffccc4994d.dll,#1
1⤵
- Suspicious use of WriteProcessMemory
PID:1144
- C:\Windows\SysWOW64\rundll32.exe
  rundll32.exe C:\Users\Admin\AppData\Local\Temp\2fbf66def68e86714dfcc7ffccc4994d.dll,#1
  2⤵
  PID:2132

memory/2132-2-0x0000000010000000-0x000000001005A000-memory.dmp

Filesize
360KB

Download
memory/2132-1-0x00000000001D0000-0x00000000001E3000-memory.dmp

Filesize
76KB

Download