57ba978c61b9f527c5f441256c5563734ba560f098b5b22b4fb2e5dec2b60383

Analysis

max time kernel
120s
max time network
138s
platform
windows7_x64
resource
win7-20231215-en
resource tags

arch:x64arch:x86image:win7-20231215-enlocale:en-usos:windows7-x64system
submitted
25/12/2023, 20:13

Target

3a9a121e775716aa222400c444d7c886.dll
Size

84KB
MD5

3a9a121e775716aa222400c444d7c886
SHA1

82b32872c130bd82cb260cf96f793f3a7c5435b6
SHA256

57ba978c61b9f527c5f441256c5563734ba560f098b5b22b4fb2e5dec2b60383
SHA512

4645edf64366a43dbb3e5788aaf3c0225000f138b45161967959e7686566d93d145de4f930a21fecc5d68a8e5c141f71229be0f4cccadf520b6645b1b5fb3db9
SSDEEP

1536:MSaY+uEcUDS1d9+UbuMqJzQPiBfzSa7JEeT5EcwWMroLXPWG:L7+9hDafiMqJzQPCfm4JEeT5d4r3G

Score

1^/10

Suspicious use of WriteProcessMemory 7 IoCs

description	pid	Process	procid_target
PID 2380 wrote to memory of 2452	2380	rundll32.exe	27
PID 2380 wrote to memory of 2452	2380	rundll32.exe	27
PID 2380 wrote to memory of 2452	2380	rundll32.exe	27
PID 2380 wrote to memory of 2452	2380	rundll32.exe	27
PID 2380 wrote to memory of 2452	2380	rundll32.exe	27
PID 2380 wrote to memory of 2452	2380	rundll32.exe	27
PID 2380 wrote to memory of 2452	2380	rundll32.exe	27

C:\Windows\system32\rundll32.exe
rundll32.exe C:\Users\Admin\AppData\Local\Temp\3a9a121e775716aa222400c444d7c886.dll,#1
1⤵
- Suspicious use of WriteProcessMemory
PID:2380
- C:\Windows\SysWOW64\rundll32.exe
  rundll32.exe C:\Users\Admin\AppData\Local\Temp\3a9a121e775716aa222400c444d7c886.dll,#1
  2⤵
  PID:2452

memory/2452-0-0x0000000010000000-0x0000000010020000-memory.dmp

Filesize
128KB

Download
memory/2452-1-0x0000000000160000-0x000000000016F000-memory.dmp

Filesize
60KB

Download