52461e58d83c0bac02d3e9c888a1aa3cc70cf38ea5097f56c2d6437ccd088a20

Analysis

max time kernel
118s
max time network
122s
platform
windows7_x64
resource
win7-20231215-en
resource tags

arch:x64arch:x86image:win7-20231215-enlocale:en-usos:windows7-x64system
submitted
26/12/2023, 06:38

Target

5a22f691ab01573f49ae57ee25c90cab.dll
Size

239KB
MD5

5a22f691ab01573f49ae57ee25c90cab
SHA1

94013ffb0dcc5fb2cc297734223577ffbf0a5d0f
SHA256

52461e58d83c0bac02d3e9c888a1aa3cc70cf38ea5097f56c2d6437ccd088a20
SHA512

8ea284025759e668e63f7e2b73f79a1afd92753ee11ef104df5eb1f3c031156dfda7293ade3052354c41621196a1d8ae0cae4296504b7221756c3af6c51626d7
SSDEEP

3072:3pR/j8Mui4vNaJZEVU67FC52k99geYK4W6mHHvv7VCirTcmS5AIg01+WpgXXDrc5:5ecdZElQ52klB4WLH7785dzVCaxNl8uJ

Score

1^/10

Suspicious use of WriteProcessMemory 7 IoCs

description	pid	Process	procid_target
PID 2496 wrote to memory of 2460	2496	rundll32.exe	15
PID 2496 wrote to memory of 2460	2496	rundll32.exe	15
PID 2496 wrote to memory of 2460	2496	rundll32.exe	15
PID 2496 wrote to memory of 2460	2496	rundll32.exe	15
PID 2496 wrote to memory of 2460	2496	rundll32.exe	15
PID 2496 wrote to memory of 2460	2496	rundll32.exe	15
PID 2496 wrote to memory of 2460	2496	rundll32.exe	15

C:\Windows\system32\rundll32.exe
rundll32.exe C:\Users\Admin\AppData\Local\Temp\5a22f691ab01573f49ae57ee25c90cab.dll,#1
1⤵
- Suspicious use of WriteProcessMemory
PID:2496
- C:\Windows\SysWOW64\rundll32.exe
  rundll32.exe C:\Users\Admin\AppData\Local\Temp\5a22f691ab01573f49ae57ee25c90cab.dll,#1
  2⤵
  PID:2460