ecce17ae5b5fefd25c6809a40c9ea9da7de0f724a5a83c30116183d4aff2b24d

Analysis

max time kernel
121s
max time network
123s
platform
windows7_x64
resource
win7-20231215-en
resource tags

arch:x64arch:x86image:win7-20231215-enlocale:en-usos:windows7-x64system
submitted
26/12/2023, 03:55

Target

5225c1302d4b7caecce016cf0e69095e.dll
Size

3.2MB
MD5

5225c1302d4b7caecce016cf0e69095e
SHA1

f4faa147e5ddfccd262eaabd3912b88084e9f039
SHA256

ecce17ae5b5fefd25c6809a40c9ea9da7de0f724a5a83c30116183d4aff2b24d
SHA512

74605258fb95d1a04f99ae6f7fdfcfa0df0327f288c8674c562936e605a061deddcadbe6b402e76764611147cbbb9ae27d7fe741f0da809fd9daa1579792b34f
SSDEEP

49152:j8zxBxYPQuMQEM2qdsQDsiQgcoj0B9K9VACixksdRecvGvKwVaTOqORUPgC1mTvm:OxBx6n6QDs4h0+9OecvGvKBOqDb1gm

Score

1^/10

Suspicious use of WriteProcessMemory 7 IoCs

description	pid	Process	procid_target
PID 1300 wrote to memory of 2516	1300	rundll32.exe	14
PID 1300 wrote to memory of 2516	1300	rundll32.exe	14
PID 1300 wrote to memory of 2516	1300	rundll32.exe	14
PID 1300 wrote to memory of 2516	1300	rundll32.exe	14
PID 1300 wrote to memory of 2516	1300	rundll32.exe	14
PID 1300 wrote to memory of 2516	1300	rundll32.exe	14
PID 1300 wrote to memory of 2516	1300	rundll32.exe	14

C:\Windows\SysWOW64\rundll32.exe
rundll32.exe C:\Users\Admin\AppData\Local\Temp\5225c1302d4b7caecce016cf0e69095e.dll,#1
1⤵
PID:2516

C:\Windows\system32\rundll32.exe
rundll32.exe C:\Users\Admin\AppData\Local\Temp\5225c1302d4b7caecce016cf0e69095e.dll,#1
1⤵
- Suspicious use of WriteProcessMemory
PID:1300