14818488290c75dd95d7154ba216fe64bda7a182ff1840a56d3a9f467e1c55cc

Analysis

max time kernel
119s
max time network
120s
platform
windows7_x64
resource
win7-20231129-en
resource tags

arch:x64arch:x86image:win7-20231129-enlocale:en-usos:windows7-x64system
submitted
29/12/2023, 20:35

Target

034a768d094929b04f1b047db56afdcc.dll
Size

79KB
MD5

034a768d094929b04f1b047db56afdcc
SHA1

2e8828bd8289ca8220515fe21c63bf8a1a96ed21
SHA256

14818488290c75dd95d7154ba216fe64bda7a182ff1840a56d3a9f467e1c55cc
SHA512

54490ee18314bc01842c3bcd97913c47e658b4b3c41b69a87c480100f0b0c47682cb2b9e83d9b29a06cae3fafcfcd6371754d6a12e5b52b63eb9b30d7490abb9
SSDEEP

768:/8jy694/7LsWkFMalLepofSEtkU5yXNkOhPpEniteDH/J6/Wfed76n2YEDZ4w47P:0WuKk3lIo8kCanqeV1fwCRU+Wpm

Score

1^/10

Suspicious use of WriteProcessMemory 7 IoCs

description	pid	Process	procid_target
PID 2196 wrote to memory of 640	2196	rundll32.exe	28
PID 2196 wrote to memory of 640	2196	rundll32.exe	28
PID 2196 wrote to memory of 640	2196	rundll32.exe	28
PID 2196 wrote to memory of 640	2196	rundll32.exe	28
PID 2196 wrote to memory of 640	2196	rundll32.exe	28
PID 2196 wrote to memory of 640	2196	rundll32.exe	28
PID 2196 wrote to memory of 640	2196	rundll32.exe	28

C:\Windows\system32\rundll32.exe
rundll32.exe C:\Users\Admin\AppData\Local\Temp\034a768d094929b04f1b047db56afdcc.dll,#1
1⤵
- Suspicious use of WriteProcessMemory
PID:2196
- C:\Windows\SysWOW64\rundll32.exe
  rundll32.exe C:\Users\Admin\AppData\Local\Temp\034a768d094929b04f1b047db56afdcc.dll,#1
  2⤵
  PID:640