69fd23bffaf8b3909cfdf0b0933e735cd9d9948a8db585404209cceface2c2e8

Analysis

max time kernel
119s
max time network
124s
platform
windows7_x64
resource
win7-20231215-en
resource tags

arch:x64arch:x86image:win7-20231215-enlocale:en-usos:windows7-x64system
submitted
26-12-2023 15:23

Target

78a9f44eb75e29f319ee71fff465d8df.dll
Size

92KB
MD5

78a9f44eb75e29f319ee71fff465d8df
SHA1

d606633f5d20385460d84cd82389f3494abbae8d
SHA256

69fd23bffaf8b3909cfdf0b0933e735cd9d9948a8db585404209cceface2c2e8
SHA512

b3b696de063c65de17716098655d1b11c995ae2d4ebcf5f187e191adfc2d3b80ef95c5c2c9bebb47e9df1ed654caf302bcb912d60fde215ab17296f9ac2a6aff
SSDEEP

1536:GOtggvDUBV5JydKSkUktShWAD+KQbbDFbbGMko7YaSxfCQD:GK70V5JydK7U42WAD+ZDFbhkOYnD

Score

1^/10

Suspicious use of WriteProcessMemory 7 IoCs

description	pid	Process	procid_target
PID 2072 wrote to memory of 2276	2072	rundll32.exe	28
PID 2072 wrote to memory of 2276	2072	rundll32.exe	28
PID 2072 wrote to memory of 2276	2072	rundll32.exe	28
PID 2072 wrote to memory of 2276	2072	rundll32.exe	28
PID 2072 wrote to memory of 2276	2072	rundll32.exe	28
PID 2072 wrote to memory of 2276	2072	rundll32.exe	28
PID 2072 wrote to memory of 2276	2072	rundll32.exe	28

C:\Windows\system32\rundll32.exe
rundll32.exe C:\Users\Admin\AppData\Local\Temp\78a9f44eb75e29f319ee71fff465d8df.dll,#1
1⤵
- Suspicious use of WriteProcessMemory
PID:2072
- C:\Windows\SysWOW64\rundll32.exe
  rundll32.exe C:\Users\Admin\AppData\Local\Temp\78a9f44eb75e29f319ee71fff465d8df.dll,#1
  2⤵
  PID:2276

memory/2276-0-0x00000000000B0000-0x00000000000BD000-memory.dmp

Filesize
52KB

Download
memory/2276-1-0x0000000010000000-0x000000001000C000-memory.dmp

Filesize
48KB

Download
memory/2276-5-0x0000000010000000-0x000000001000C000-memory.dmp

Filesize
48KB

Download
memory/2276-6-0x0000000010000000-0x000000001000C000-memory.dmp

Filesize
48KB

Download
memory/2276-7-0x00000000000B0000-0x00000000000B6000-memory.dmp

Filesize
24KB

Download