f66213cedfad83441ce6b9485365e637078eb8f4b8faf2b5532b8ec1c5fcacab

Analysis

max time kernel
121s
max time network
122s
platform
windows7_x64
resource
win7-20231215-en
resource tags

arch:x64arch:x86image:win7-20231215-enlocale:en-usos:windows7-x64system
submitted
29/12/2023, 22:08

Target

05347efdcceba213eac529addc96afaa.dll
Size

71KB
MD5

05347efdcceba213eac529addc96afaa
SHA1

0875c4e42bcfa114236cfe3a5b0e8f56d095637a
SHA256

f66213cedfad83441ce6b9485365e637078eb8f4b8faf2b5532b8ec1c5fcacab
SHA512

a41cdf2f95b881584a9e5bc354aaccafc6cf197e8afd38cb2f15875f767f552485cb6630f9901f1149cddec5f5fc286a3429feef83e832f51c25f04056f46d1e
SSDEEP

1536:lksmsapPV5kQ/+Lc07ZXV2Hl1CL9ZXNHDAgTkGuF9bfNL2KFc:msmsaprk2m7ZXV2HlUL9ZXNy5Fl1L2h

Score

1^/10

Suspicious use of WriteProcessMemory 7 IoCs

description	pid	Process	procid_target
PID 2052 wrote to memory of 2932	2052	rundll32.exe	28
PID 2052 wrote to memory of 2932	2052	rundll32.exe	28
PID 2052 wrote to memory of 2932	2052	rundll32.exe	28
PID 2052 wrote to memory of 2932	2052	rundll32.exe	28
PID 2052 wrote to memory of 2932	2052	rundll32.exe	28
PID 2052 wrote to memory of 2932	2052	rundll32.exe	28
PID 2052 wrote to memory of 2932	2052	rundll32.exe	28

C:\Windows\system32\rundll32.exe
rundll32.exe C:\Users\Admin\AppData\Local\Temp\05347efdcceba213eac529addc96afaa.dll,#1
1⤵
- Suspicious use of WriteProcessMemory
PID:2052
- C:\Windows\SysWOW64\rundll32.exe
  rundll32.exe C:\Users\Admin\AppData\Local\Temp\05347efdcceba213eac529addc96afaa.dll,#1
  2⤵
  PID:2932