3e7c023be714139e8e3cb1d24949ee883032c9a3be021124a4621f00a98d7550

Analysis

max time kernel
117s
max time network
118s
platform
windows7_x64
resource
win7-20231215-en
resource tags

arch:x64arch:x86image:win7-20231215-enlocale:en-usos:windows7-x64system
submitted
29/12/2023, 21:34

Target

048e9a4b7da79ccf51c7d1e6bc0d2ceb.dll
Size

144KB
MD5

048e9a4b7da79ccf51c7d1e6bc0d2ceb
SHA1

fa7c2ed88966b94a31ecbcbb048dc3de194b7607
SHA256

3e7c023be714139e8e3cb1d24949ee883032c9a3be021124a4621f00a98d7550
SHA512

9abf9fcbd3c0802fc22c34397ada981f6f13b74bebc467b6df37c992f34c357f9c1626e28c9c3f1efb2165f3c7e635409c73a64fda85cae2bed530c4cbcdcec9
SSDEEP

1536:ze9iTFEDnoACRH79aqK6RU0YFm/1eqUIli/0VRmPaUZoY/+CI9a1SrjC8:y9i2opv5YMoqRs5ZbGNn7

Score

1^/10

Suspicious use of WriteProcessMemory 7 IoCs

description	pid	Process	procid_target
PID 2180 wrote to memory of 2560	2180	rundll32.exe	28
PID 2180 wrote to memory of 2560	2180	rundll32.exe	28
PID 2180 wrote to memory of 2560	2180	rundll32.exe	28
PID 2180 wrote to memory of 2560	2180	rundll32.exe	28
PID 2180 wrote to memory of 2560	2180	rundll32.exe	28
PID 2180 wrote to memory of 2560	2180	rundll32.exe	28
PID 2180 wrote to memory of 2560	2180	rundll32.exe	28

C:\Windows\system32\rundll32.exe
rundll32.exe C:\Users\Admin\AppData\Local\Temp\048e9a4b7da79ccf51c7d1e6bc0d2ceb.dll,#1
1⤵
- Suspicious use of WriteProcessMemory
PID:2180
- C:\Windows\SysWOW64\rundll32.exe
  rundll32.exe C:\Users\Admin\AppData\Local\Temp\048e9a4b7da79ccf51c7d1e6bc0d2ceb.dll,#1
  2⤵
  PID:2560