dd48f150c55c3b09677bb4dfbc09f7535c9830141c914e11b675445ee8c90004

Analysis

max time kernel
117s
max time network
118s
platform
windows7_x64
resource
win7-20231129-en
resource tags

arch:x64arch:x86image:win7-20231129-enlocale:en-usos:windows7-x64system
submitted
26/12/2023, 05:53

Target

581c9c4e26c57db9b9ae25aae771416e.dll
Size

83KB
MD5

581c9c4e26c57db9b9ae25aae771416e
SHA1

402603381cf091ec933316cd233418a84c5cc78b
SHA256

dd48f150c55c3b09677bb4dfbc09f7535c9830141c914e11b675445ee8c90004
SHA512

7402e7579a205ae2df920dbe49869d7bc36a39c8e95ead14681621f3eb09ed07aa2df504addfd39d76df0820612fcf5e60d71052395af8361f034b4c56f43c66
SSDEEP

1536:Dv9FvxpmEyYVQixN60KC3aG6ktt2rXGRQTS6vjx433Q7WDSz:DvFgrG60KCKG6wtW0+ko

Score

1^/10

Suspicious use of WriteProcessMemory 7 IoCs

description	pid	Process	procid_target
PID 2872 wrote to memory of 880	2872	rundll32.exe	20
PID 2872 wrote to memory of 880	2872	rundll32.exe	20
PID 2872 wrote to memory of 880	2872	rundll32.exe	20
PID 2872 wrote to memory of 880	2872	rundll32.exe	20
PID 2872 wrote to memory of 880	2872	rundll32.exe	20
PID 2872 wrote to memory of 880	2872	rundll32.exe	20
PID 2872 wrote to memory of 880	2872	rundll32.exe	20

C:\Windows\system32\rundll32.exe
rundll32.exe C:\Users\Admin\AppData\Local\Temp\581c9c4e26c57db9b9ae25aae771416e.dll,#1
1⤵
- Suspicious use of WriteProcessMemory
PID:2872
- C:\Windows\SysWOW64\rundll32.exe
  rundll32.exe C:\Users\Admin\AppData\Local\Temp\581c9c4e26c57db9b9ae25aae771416e.dll,#1
  2⤵
  PID:880