e8995133a14c4a59c3e3426e340c50722ef2b1fbe72b6d9c59ef7557b0de7ff9

Analysis

max time kernel
117s
max time network
118s
platform
windows7_x64
resource
win7-20231129-en
resource tags

arch:x64arch:x86image:win7-20231129-enlocale:en-usos:windows7-x64system
submitted
26/12/2023, 10:30

Target

676fbfd0d1ab424ae723d8bccfc60372.dll
Size

173KB
MD5

676fbfd0d1ab424ae723d8bccfc60372
SHA1

81753ad74a61f87646ee9357a45002db922557cb
SHA256

e8995133a14c4a59c3e3426e340c50722ef2b1fbe72b6d9c59ef7557b0de7ff9
SHA512

46f3a3799adc9d95a8bf5e04d41d3aaabef173e11b682d684d61ca16cb87537bced07bfaff3687dfa6febb908cc4715269fb403950896dc5c49ad62fbeba0e4f
SSDEEP

3072:XeZeKyJbvN/dSqA2xReFURUdXE3eXuOfO1LJW4LTkyagDic9/baswYzL/m18p:XeZby9N1SoeGCdXErAO1RLLWswYz3

Score

1^/10

Suspicious use of WriteProcessMemory 7 IoCs

description	pid	Process	procid_target
PID 1936 wrote to memory of 320	1936	rundll32.exe	16
PID 1936 wrote to memory of 320	1936	rundll32.exe	16
PID 1936 wrote to memory of 320	1936	rundll32.exe	16
PID 1936 wrote to memory of 320	1936	rundll32.exe	16
PID 1936 wrote to memory of 320	1936	rundll32.exe	16
PID 1936 wrote to memory of 320	1936	rundll32.exe	16
PID 1936 wrote to memory of 320	1936	rundll32.exe	16

C:\Windows\SysWOW64\rundll32.exe
rundll32.exe C:\Users\Admin\AppData\Local\Temp\676fbfd0d1ab424ae723d8bccfc60372.dll,#1
1⤵
PID:320

C:\Windows\system32\rundll32.exe
rundll32.exe C:\Users\Admin\AppData\Local\Temp\676fbfd0d1ab424ae723d8bccfc60372.dll,#1
1⤵
- Suspicious use of WriteProcessMemory
PID:1936

memory/320-0-0x00000000000D0000-0x00000000000E7000-memory.dmp

Filesize
92KB

Download
memory/320-1-0x0000000010000000-0x0000000010054000-memory.dmp

Filesize
336KB

Download