3e01f7a457f469708eb19fb059719e3a4a2be2dc0c287610a50bf1bd80de0c24

Analysis

max time kernel
120s
max time network
125s
platform
windows7_x64
resource
win7-20231215-en
resource tags

arch:x64arch:x86image:win7-20231215-enlocale:en-usos:windows7-x64system
submitted
26-12-2023 09:48

Target

64e543cf355bae11e7b4e8cc76aac022.dll
Size

29KB
MD5

64e543cf355bae11e7b4e8cc76aac022
SHA1

982a0d24388bb5f91ff290d4c3f319c481d32bb7
SHA256

3e01f7a457f469708eb19fb059719e3a4a2be2dc0c287610a50bf1bd80de0c24
SHA512

cc3724076086306f0a566d4f5c866706c2fcf6084d029b990a77c551a6bfd1176c0c7556e4a23aa7c956d046281df91e7995d696086fe2830ee21a8443b46b1e
SSDEEP

768:k0KuN32msi/zFW/C8/Ars7wMcZcqmB+1wUsw6Cw0vBBQARQkshKVeRY:5KuN32Ji7+C8sK7U6Cw0vBBQARcZC

Score

1^/10

Suspicious use of WriteProcessMemory 7 IoCs

description	pid	Process	procid_target
PID 2452 wrote to memory of 2748	2452	rundll32.exe	28
PID 2452 wrote to memory of 2748	2452	rundll32.exe	28
PID 2452 wrote to memory of 2748	2452	rundll32.exe	28
PID 2452 wrote to memory of 2748	2452	rundll32.exe	28
PID 2452 wrote to memory of 2748	2452	rundll32.exe	28
PID 2452 wrote to memory of 2748	2452	rundll32.exe	28
PID 2452 wrote to memory of 2748	2452	rundll32.exe	28

C:\Windows\system32\rundll32.exe
rundll32.exe C:\Users\Admin\AppData\Local\Temp\64e543cf355bae11e7b4e8cc76aac022.dll,#1
1⤵
- Suspicious use of WriteProcessMemory
PID:2452
- C:\Windows\SysWOW64\rundll32.exe
  rundll32.exe C:\Users\Admin\AppData\Local\Temp\64e543cf355bae11e7b4e8cc76aac022.dll,#1
  2⤵
  PID:2748