6cf24410747ba7842ccfc17050adce8d81093bb4908ab8ed73deae64fa6ce614

Analysis

max time kernel
118s
max time network
132s
platform
windows7_x64
resource
win7-20231215-en
resource tags

arch:x64arch:x86image:win7-20231215-enlocale:en-usos:windows7-x64system
submitted
29-12-2023 21:30

Target

0479f09f591e4b2b47e1f80e9931247b.dll
Size

52KB
MD5

0479f09f591e4b2b47e1f80e9931247b
SHA1

aa8edf18f86080fdf33fdb0e3077359a23bba4c8
SHA256

6cf24410747ba7842ccfc17050adce8d81093bb4908ab8ed73deae64fa6ce614
SHA512

8af59b6cf19a86698d4f3edaf8f2d07579aab3e9654eaaff056fd6c02f029bc3cf1d5da2593464c85daa0462e323334aac8191290ad23744b50f140dce9c1e09
SSDEEP

96:vqlAc+cl4sCWeEDbYDBtP35ypdZR0cCavyumhZm+1RphS///2G:ylj+cisDeWYHcTZbVmhZm+13G

Score

1^/10

Suspicious use of WriteProcessMemory 7 IoCs

description	pid	Process	procid_target
PID 2996 wrote to memory of 2772	2996	rundll32.exe	28
PID 2996 wrote to memory of 2772	2996	rundll32.exe	28
PID 2996 wrote to memory of 2772	2996	rundll32.exe	28
PID 2996 wrote to memory of 2772	2996	rundll32.exe	28
PID 2996 wrote to memory of 2772	2996	rundll32.exe	28
PID 2996 wrote to memory of 2772	2996	rundll32.exe	28
PID 2996 wrote to memory of 2772	2996	rundll32.exe	28

C:\Windows\system32\rundll32.exe
rundll32.exe C:\Users\Admin\AppData\Local\Temp\0479f09f591e4b2b47e1f80e9931247b.dll,#1
1⤵
- Suspicious use of WriteProcessMemory
PID:2996
- C:\Windows\SysWOW64\rundll32.exe
  rundll32.exe C:\Users\Admin\AppData\Local\Temp\0479f09f591e4b2b47e1f80e9931247b.dll,#1
  2⤵
  PID:2772