e6e65eb67507fc5db0c6a48e597a59ee15d7faa3938a8526dfe56ee768337079

Analysis

max time kernel
118s
max time network
124s
platform
windows7_x64
resource
win7-20231215-en
resource tags

arch:x64arch:x86image:win7-20231215-enlocale:en-usos:windows7-x64system
submitted
26/12/2023, 10:16

Target

668b7e37a979bb955c57b4eb1c2430e8.dll
Size

256KB
MD5

668b7e37a979bb955c57b4eb1c2430e8
SHA1

bf977cb835231a5974e42fdb659ff4559322cc4f
SHA256

e6e65eb67507fc5db0c6a48e597a59ee15d7faa3938a8526dfe56ee768337079
SHA512

c5faacb9b9979080cd2d952fca576362387e6e9ae33c53365892aff5603b56591fcd5bca74439d5c5294c09e3e39838121674ac9b855e11f783a396e44a8e43d
SSDEEP

3072:kTto02fU9zsr2mv7DJKAJ8Ick5eTKwtZO1nS0T3Q8zx6zH/oxqdC837SavtGRCZ:utoksdB3Jlck5utYT3Q8d6zf2aDvLZ

Score

1^/10

Suspicious use of WriteProcessMemory 7 IoCs

description	pid	Process	procid_target
PID 1852 wrote to memory of 1684	1852	rundll32.exe	22
PID 1852 wrote to memory of 1684	1852	rundll32.exe	22
PID 1852 wrote to memory of 1684	1852	rundll32.exe	22
PID 1852 wrote to memory of 1684	1852	rundll32.exe	22
PID 1852 wrote to memory of 1684	1852	rundll32.exe	22
PID 1852 wrote to memory of 1684	1852	rundll32.exe	22
PID 1852 wrote to memory of 1684	1852	rundll32.exe	22

C:\Windows\system32\rundll32.exe
rundll32.exe C:\Users\Admin\AppData\Local\Temp\668b7e37a979bb955c57b4eb1c2430e8.dll,#1
1⤵
- Suspicious use of WriteProcessMemory
PID:1852
- C:\Windows\SysWOW64\rundll32.exe
  rundll32.exe C:\Users\Admin\AppData\Local\Temp\668b7e37a979bb955c57b4eb1c2430e8.dll,#1
  2⤵
  PID:1684