c5fe7850f2c415c488c36f8399b6fafc22b0e64306c560c74c5373728150778e

Analysis

max time kernel
118s
max time network
120s
platform
windows7_x64
resource
win7-20231215-en
resource tags

arch:x64arch:x86image:win7-20231215-enlocale:en-usos:windows7-x64system
submitted
29/12/2023, 23:02

Target

06634d089dd91af482d84832ba292ac8.dll
Size

35KB
MD5

06634d089dd91af482d84832ba292ac8
SHA1

677e8c3490aa6ff9596c4476b9a84f59062375a6
SHA256

c5fe7850f2c415c488c36f8399b6fafc22b0e64306c560c74c5373728150778e
SHA512

cb3cb93a1a346811be5c5b5c9e8ea2d987ce54929e2726001943b0ec7aed37d6dcd079bdd30147dd381325614606bc7bffc40aec486f710844652751a3c71dee
SSDEEP

768:n/d8BbVsjmLl0HGRKVyqKiwtZ2JRQAQe5D5eUDUlO/6p4HC9yp8/y50VwapsE:nCBbVsjmJa5GZ2JKZmVxYlO/6p4HC9yQ

Score

1^/10

Suspicious use of WriteProcessMemory 7 IoCs

description	pid	Process	procid_target
PID 1644 wrote to memory of 2232	1644	rundll32.exe	14
PID 1644 wrote to memory of 2232	1644	rundll32.exe	14
PID 1644 wrote to memory of 2232	1644	rundll32.exe	14
PID 1644 wrote to memory of 2232	1644	rundll32.exe	14
PID 1644 wrote to memory of 2232	1644	rundll32.exe	14
PID 1644 wrote to memory of 2232	1644	rundll32.exe	14
PID 1644 wrote to memory of 2232	1644	rundll32.exe	14

C:\Windows\SysWOW64\rundll32.exe
rundll32.exe C:\Users\Admin\AppData\Local\Temp\06634d089dd91af482d84832ba292ac8.dll,#1
1⤵
PID:2232

C:\Windows\system32\rundll32.exe
rundll32.exe C:\Users\Admin\AppData\Local\Temp\06634d089dd91af482d84832ba292ac8.dll,#1
1⤵
- Suspicious use of WriteProcessMemory
PID:1644