edb074f542e99e8fcbd3d2be48f512b166286ac751dc5aa3950b89f6ac3101b5

Analysis

max time kernel
122s
max time network
128s
platform
windows7_x64
resource
win7-20231215-en
resource tags

arch:x64arch:x86image:win7-20231215-enlocale:en-usos:windows7-x64system
submitted
26-12-2023 05:03

Target

5673438fbd4218ea791265830ab4d67e.dll
Size

80KB
MD5

5673438fbd4218ea791265830ab4d67e
SHA1

5bf0750ed0f6656b73ec86bf88e23bab1517bb73
SHA256

edb074f542e99e8fcbd3d2be48f512b166286ac751dc5aa3950b89f6ac3101b5
SHA512

55a4bf9ab1dbbf2a8e41e2ee3b2ff05689711b20317e6d6bf360018de8aec0675692a4a8c13345f0ec51c3cef29f33b790d6a1f8c1fe774f476660ecfbad8182
SSDEEP

768:JEP7W9TxUNf1Fp0NAsLA+UOTJw+DdgowOkaHKzXiB9oQgs8DZAGTsa9Uwu4:ODZ0N1yOTJx9wdza4s9w3

Score

1^/10

Suspicious use of WriteProcessMemory 7 IoCs

description	pid	Process	procid_target
PID 1180 wrote to memory of 2500	1180	rundll32.exe	28
PID 1180 wrote to memory of 2500	1180	rundll32.exe	28
PID 1180 wrote to memory of 2500	1180	rundll32.exe	28
PID 1180 wrote to memory of 2500	1180	rundll32.exe	28
PID 1180 wrote to memory of 2500	1180	rundll32.exe	28
PID 1180 wrote to memory of 2500	1180	rundll32.exe	28
PID 1180 wrote to memory of 2500	1180	rundll32.exe	28

C:\Windows\system32\rundll32.exe
rundll32.exe C:\Users\Admin\AppData\Local\Temp\5673438fbd4218ea791265830ab4d67e.dll,#1
1⤵
- Suspicious use of WriteProcessMemory
PID:1180
- C:\Windows\SysWOW64\rundll32.exe
  rundll32.exe C:\Users\Admin\AppData\Local\Temp\5673438fbd4218ea791265830ab4d67e.dll,#1
  2⤵
  PID:2500