b8eb9d67513a1202a469b706ca34fcb509f17bbf51894e210fb5a073ba34c21c

Analysis

max time kernel
122s
max time network
128s
platform
windows7_x64
resource
win7-20231215-en
resource tags

arch:x64arch:x86image:win7-20231215-enlocale:en-usos:windows7-x64system
submitted
28/12/2023, 11:47

Target

dca564f509a3aa5a7f748f67607c6854.dll
Size

48KB
MD5

dca564f509a3aa5a7f748f67607c6854
SHA1

2392b9b77dc5716a3b5977b558b3edbbda99f715
SHA256

b8eb9d67513a1202a469b706ca34fcb509f17bbf51894e210fb5a073ba34c21c
SHA512

527ed0f875be78ee0cbd545d1e3c88a78a445a2bfe87bcc5026b4455256537c046505db8f9be4bb6b71b0b20069872d4b021ba01b9ba335064d02485bdf3a06a
SSDEEP

768:BR7dOahyoHokBtqN74W7bZZmYb9PyzcjRlYlwa6NVdkPnJJMIEV:8aAoHoc2x7bZoYBAcQlwJdMo

Score

1^/10

Suspicious use of WriteProcessMemory 7 IoCs

description	pid	Process	procid_target
PID 3028 wrote to memory of 1756	3028	rundll32.exe	28
PID 3028 wrote to memory of 1756	3028	rundll32.exe	28
PID 3028 wrote to memory of 1756	3028	rundll32.exe	28
PID 3028 wrote to memory of 1756	3028	rundll32.exe	28
PID 3028 wrote to memory of 1756	3028	rundll32.exe	28
PID 3028 wrote to memory of 1756	3028	rundll32.exe	28
PID 3028 wrote to memory of 1756	3028	rundll32.exe	28

C:\Windows\system32\rundll32.exe
rundll32.exe C:\Users\Admin\AppData\Local\Temp\dca564f509a3aa5a7f748f67607c6854.dll,#1
1⤵
- Suspicious use of WriteProcessMemory
PID:3028
- C:\Windows\SysWOW64\rundll32.exe
  rundll32.exe C:\Users\Admin\AppData\Local\Temp\dca564f509a3aa5a7f748f67607c6854.dll,#1
  2⤵
  PID:1756