0384977c64f80d0d3f16a47b1e073f038fb33a2bb48a1d9635fea9c9dd7a331a

Analysis

max time kernel
120s
max time network
121s
platform
windows7_x64
resource
win7-20231129-en
resource tags

arch:x64arch:x86image:win7-20231129-enlocale:en-usos:windows7-x64system
submitted
29/12/2023, 20:41

Target

0371c1655fe1a23e6f312d403337c3bb.dll
Size

62KB
MD5

0371c1655fe1a23e6f312d403337c3bb
SHA1

7d6b089dea7aff78e4b55a0aa231eb1348b5793a
SHA256

0384977c64f80d0d3f16a47b1e073f038fb33a2bb48a1d9635fea9c9dd7a331a
SHA512

91037de1959c73a3f94fed1a42ea7f550abd50007e62de263fef483c260ef9d73c58202e53ed03526f251430122cf53c69a1656561ac19003f53a453965f0856
SSDEEP

1536:IhhrmUxWWMPWz1mBLX5cuWBKj44z9q02fSZv:Ehr/xqWz45X2fB+Bi4v

Score

1^/10

Suspicious use of WriteProcessMemory 7 IoCs

description	pid	Process	procid_target
PID 1108 wrote to memory of 2944	1108	rundll32.exe	16
PID 1108 wrote to memory of 2944	1108	rundll32.exe	16
PID 1108 wrote to memory of 2944	1108	rundll32.exe	16
PID 1108 wrote to memory of 2944	1108	rundll32.exe	16
PID 1108 wrote to memory of 2944	1108	rundll32.exe	16
PID 1108 wrote to memory of 2944	1108	rundll32.exe	16
PID 1108 wrote to memory of 2944	1108	rundll32.exe	16

C:\Windows\SysWOW64\rundll32.exe
rundll32.exe C:\Users\Admin\AppData\Local\Temp\0371c1655fe1a23e6f312d403337c3bb.dll,#1
1⤵
PID:2944

C:\Windows\system32\rundll32.exe
rundll32.exe C:\Users\Admin\AppData\Local\Temp\0371c1655fe1a23e6f312d403337c3bb.dll,#1
1⤵
- Suspicious use of WriteProcessMemory
PID:1108

memory/2944-0-0x0000000010000000-0x000000001000C000-memory.dmp

Filesize
48KB

Download
memory/2944-4-0x0000000000170000-0x0000000000171000-memory.dmp

Filesize
4KB

Download
memory/2944-3-0x0000000010000000-0x000000001000C000-memory.dmp

Filesize
48KB

Download
memory/2944-2-0x0000000010000000-0x000000001000C000-memory.dmp

Filesize
48KB

Download
memory/2944-1-0x0000000010000000-0x000000001000C000-memory.dmp

Filesize
48KB

Download