d56812795a164d0ba2c944f20bbecf5caf0f5064f72a43d13529fd123da22429

Analysis

max time kernel
119s
max time network
121s
platform
windows7_x64
resource
win7-20231215-en
resource tags

arch:x64arch:x86image:win7-20231215-enlocale:en-usos:windows7-x64system
submitted
30/12/2023, 21:53

Target

1dafa48978f45acac30ecab2770be617.dll
Size

118KB
MD5

1dafa48978f45acac30ecab2770be617
SHA1

39998f33416d931385ee1056abd7137ba6b97199
SHA256

d56812795a164d0ba2c944f20bbecf5caf0f5064f72a43d13529fd123da22429
SHA512

7af0671474abff0811a18b0721906ecf08b12f37156a3162553b95b607501fb110e4cdb112dd8b7b2f8f4500d45dcef66f047b257e9796e530dd11a409198577
SSDEEP

1536:JfmSMqqU+2bbbAV2/S2k7NrJYhYOP9HL0Uv3Cse1iyjTyBD/eTgJcq9JocykTBl:JeSMqqDL2/kTYR9W1BJgJr9Jo7kBl

Score

1^/10

Suspicious use of WriteProcessMemory 7 IoCs

description	pid	Process	procid_target
PID 3012 wrote to memory of 3044	3012	rundll32.exe	16
PID 3012 wrote to memory of 3044	3012	rundll32.exe	16
PID 3012 wrote to memory of 3044	3012	rundll32.exe	16
PID 3012 wrote to memory of 3044	3012	rundll32.exe	16
PID 3012 wrote to memory of 3044	3012	rundll32.exe	16
PID 3012 wrote to memory of 3044	3012	rundll32.exe	16
PID 3012 wrote to memory of 3044	3012	rundll32.exe	16

C:\Windows\system32\rundll32.exe
rundll32.exe C:\Users\Admin\AppData\Local\Temp\1dafa48978f45acac30ecab2770be617.dll,#1
1⤵
- Suspicious use of WriteProcessMemory
PID:3012
- C:\Windows\SysWOW64\rundll32.exe
  rundll32.exe C:\Users\Admin\AppData\Local\Temp\1dafa48978f45acac30ecab2770be617.dll,#1
  2⤵
  PID:3044

memory/3044-3-0x0000000010000000-0x0000000010020000-memory.dmp

Filesize
128KB

Download
memory/3044-2-0x0000000010000000-0x0000000010020000-memory.dmp

Filesize
128KB

Download
memory/3044-1-0x0000000010000000-0x0000000010020000-memory.dmp

Filesize
128KB

Download
memory/3044-0-0x0000000010000000-0x0000000010020000-memory.dmp

Filesize
128KB

Download