eb0094369f4ad2c243920643331f4e071288f2584a45369caeec67cdc91ccc7a

Analysis

max time kernel
119s
max time network
124s
platform
windows7_x64
resource
win7-20231215-en
resource tags

arch:x64arch:x86image:win7-20231215-enlocale:en-usos:windows7-x64system
submitted
26/12/2023, 04:56

Target

55fc6b76766067b7dea58927b860b5f1.dll
Size

29KB
MD5

55fc6b76766067b7dea58927b860b5f1
SHA1

f7f3c39987e530ec11368c5f60b0e61bcb464b56
SHA256

eb0094369f4ad2c243920643331f4e071288f2584a45369caeec67cdc91ccc7a
SHA512

baa5ad9fb5b62ba29dbc648d72ed2da134fafdaec80c2c9687e8893e4ff51b20566c0542e9b340d09e590dfb8bb3e43d6d203a58dcff0b1f32feea2d8b7ac794
SSDEEP

768:4NgHF88Q9RIdkLuNxiWU9vBTjZGU9EliXQa2CoIwYm4nf:xHG9RIdtAD9pRGU9EliAa27fYm4nf

Score

1^/10

Suspicious use of WriteProcessMemory 7 IoCs

description	pid	Process	procid_target
PID 1948 wrote to memory of 2300	1948	rundll32.exe	28
PID 1948 wrote to memory of 2300	1948	rundll32.exe	28
PID 1948 wrote to memory of 2300	1948	rundll32.exe	28
PID 1948 wrote to memory of 2300	1948	rundll32.exe	28
PID 1948 wrote to memory of 2300	1948	rundll32.exe	28
PID 1948 wrote to memory of 2300	1948	rundll32.exe	28
PID 1948 wrote to memory of 2300	1948	rundll32.exe	28

C:\Windows\system32\rundll32.exe
rundll32.exe C:\Users\Admin\AppData\Local\Temp\55fc6b76766067b7dea58927b860b5f1.dll,#1
1⤵
- Suspicious use of WriteProcessMemory
PID:1948
- C:\Windows\SysWOW64\rundll32.exe
  rundll32.exe C:\Users\Admin\AppData\Local\Temp\55fc6b76766067b7dea58927b860b5f1.dll,#1
  2⤵
  PID:2300

memory/2300-0-0x0000000010000000-0x0000000010023000-memory.dmp

Filesize
140KB

Download
memory/2300-1-0x0000000010000000-0x0000000010023000-memory.dmp

Filesize
140KB

Download
memory/2300-2-0x0000000010000000-0x0000000010023000-memory.dmp

Filesize
140KB

Download