b28c0a6d35d4723555383a6518694635b8ef44a00a722ca6ad76bc30fa78904a

Analysis

max time kernel
117s
max time network
122s
platform
windows7_x64
resource
win7-20231215-en
resource tags

arch:x64arch:x86image:win7-20231215-enlocale:en-usos:windows7-x64system
submitted
26/12/2023, 16:11

Target

7ba805544e1693949e339057c9571840.dll
Size

7KB
MD5

7ba805544e1693949e339057c9571840
SHA1

4ffe5eba39c93ed4c9022363d5c5cd0581a71850
SHA256

b28c0a6d35d4723555383a6518694635b8ef44a00a722ca6ad76bc30fa78904a
SHA512

f7af7a371ab13014df75029f8f5caa9590ff45816be7c4048321001a58140232cb32a4ccf19c6c1437e5bbb93b20cde4c01ffd1f7b72845afa053b7bd082d87d
SSDEEP

48:66ay5YVO3EVkApc2wp8hH1NZn5EquglQ067YbPWVbABbgL3q9J5S2hmc:b3EVkApcX4Hiv0hbPfq3qX5S2hV

Score

1^/10

Suspicious use of WriteProcessMemory 7 IoCs

description	pid	Process	procid_target
PID 3004 wrote to memory of 3048	3004	rundll32.exe	28
PID 3004 wrote to memory of 3048	3004	rundll32.exe	28
PID 3004 wrote to memory of 3048	3004	rundll32.exe	28
PID 3004 wrote to memory of 3048	3004	rundll32.exe	28
PID 3004 wrote to memory of 3048	3004	rundll32.exe	28
PID 3004 wrote to memory of 3048	3004	rundll32.exe	28
PID 3004 wrote to memory of 3048	3004	rundll32.exe	28

C:\Windows\system32\rundll32.exe
rundll32.exe C:\Users\Admin\AppData\Local\Temp\7ba805544e1693949e339057c9571840.dll,#1
1⤵
- Suspicious use of WriteProcessMemory
PID:3004
- C:\Windows\SysWOW64\rundll32.exe
  rundll32.exe C:\Users\Admin\AppData\Local\Temp\7ba805544e1693949e339057c9571840.dll,#1
  2⤵
  PID:3048