42b50147461f1b8289cab7ba980dec9c4373d49216b0c1c23147fd53fe99316a

Analysis

max time kernel
121s
max time network
125s
platform
windows7_x64
resource
win7-20231215-en
resource tags

arch:x64arch:x86image:win7-20231215-enlocale:en-usos:windows7-x64system
submitted
26/12/2023, 11:28

Target

6acacd37d3e41c3b1779c9bb1a98f92c.dll
Size

45KB
MD5

6acacd37d3e41c3b1779c9bb1a98f92c
SHA1

d95aeb3c4e6f9ded906aea54bb51a1e68391e89f
SHA256

42b50147461f1b8289cab7ba980dec9c4373d49216b0c1c23147fd53fe99316a
SHA512

3403bf7ac9c26432a86ad7d61d7a3148e15b10cfedc34d4ef1f15f269327217b8c6cb93243b8734d28e220af7e6afe9824549bd5fac737847fa3e537d85fdfa3
SSDEEP

768:KBtbBae/qB46qsmyhTjm+Y3A3v45xWbktQjMWAOj3sVsaHOIu6mgwt+TKAjHslKW:KnkepumyhRAv5xptQjMGrcHOIuFku7

Score

1^/10

Suspicious use of WriteProcessMemory 7 IoCs

description	pid	Process	procid_target
PID 2076 wrote to memory of 1180	2076	rundll32.exe	28
PID 2076 wrote to memory of 1180	2076	rundll32.exe	28
PID 2076 wrote to memory of 1180	2076	rundll32.exe	28
PID 2076 wrote to memory of 1180	2076	rundll32.exe	28
PID 2076 wrote to memory of 1180	2076	rundll32.exe	28
PID 2076 wrote to memory of 1180	2076	rundll32.exe	28
PID 2076 wrote to memory of 1180	2076	rundll32.exe	28

C:\Windows\system32\rundll32.exe
rundll32.exe C:\Users\Admin\AppData\Local\Temp\6acacd37d3e41c3b1779c9bb1a98f92c.dll,#1
1⤵
- Suspicious use of WriteProcessMemory
PID:2076
- C:\Windows\SysWOW64\rundll32.exe
  rundll32.exe C:\Users\Admin\AppData\Local\Temp\6acacd37d3e41c3b1779c9bb1a98f92c.dll,#1
  2⤵
  PID:1180

memory/1180-1-0x00000000001C0000-0x00000000001C8000-memory.dmp

Filesize
32KB

Download
memory/1180-2-0x00000000001A0000-0x00000000001AE000-memory.dmp

Filesize
56KB

Download
memory/1180-0-0x0000000000190000-0x0000000000198000-memory.dmp

Filesize
32KB

Download
memory/1180-4-0x00000000001C0000-0x00000000001C8000-memory.dmp

Filesize
32KB

Download
memory/1180-5-0x00000000001C0000-0x00000000001C8000-memory.dmp

Filesize
32KB

Download
memory/1180-6-0x00000000001C0000-0x00000000001C8000-memory.dmp

Filesize
32KB

Download
memory/1180-7-0x0000000000FB0000-0x0000000000FBE000-memory.dmp

Filesize
56KB

Download
memory/1180-8-0x0000000075AE0000-0x0000000075BF0000-memory.dmp

Filesize
1.1MB

Download
memory/1180-9-0x0000000075AE0000-0x0000000075BF0000-memory.dmp

Filesize
1.1MB

Download