eb06747ed075ba8ca3eba855902b6b11802429845bae18ddebde467d0ecc032b

Analysis

max time kernel
117s
max time network
145s
platform
windows7_x64
resource
win7-20231215-en
resource tags

arch:x64arch:x86image:win7-20231215-enlocale:en-usos:windows7-x64system
submitted
26/12/2023, 02:35

Target

4d095374f013bb50e821fe140b1cc3d1.dll
Size

15KB
MD5

4d095374f013bb50e821fe140b1cc3d1
SHA1

3637e4d85d5db21c961cfd460757d47ffd695aac
SHA256

eb06747ed075ba8ca3eba855902b6b11802429845bae18ddebde467d0ecc032b
SHA512

ba95f6cda187653f0f6492f3ffa9d64d88d3393b3bfff806b3c4650c27a8382553c0d65174bfb5583aacd4c6e5cabe136dc7cb72f68b86015e66b5cdca1dba4c
SSDEEP

192:n+JHSn95v5ZEAyIjp1sN/8yBA9dQcl0SMgcUtnVxQjcWJuGo:sezhZEAyI91y8yq9pl0SMhUNnAzBo

Score

1^/10

Suspicious use of WriteProcessMemory 7 IoCs

description	pid	Process	procid_target
PID 1348 wrote to memory of 2960	1348	rundll32.exe	28
PID 1348 wrote to memory of 2960	1348	rundll32.exe	28
PID 1348 wrote to memory of 2960	1348	rundll32.exe	28
PID 1348 wrote to memory of 2960	1348	rundll32.exe	28
PID 1348 wrote to memory of 2960	1348	rundll32.exe	28
PID 1348 wrote to memory of 2960	1348	rundll32.exe	28
PID 1348 wrote to memory of 2960	1348	rundll32.exe	28

C:\Windows\system32\rundll32.exe
rundll32.exe C:\Users\Admin\AppData\Local\Temp\4d095374f013bb50e821fe140b1cc3d1.dll,#1
1⤵
- Suspicious use of WriteProcessMemory
PID:1348
- C:\Windows\SysWOW64\rundll32.exe
  rundll32.exe C:\Users\Admin\AppData\Local\Temp\4d095374f013bb50e821fe140b1cc3d1.dll,#1
  2⤵
  PID:2960