ba813ee2342c195e2da5e7322e6fbf16df8e098a0c1916b44c8de508c7f99743

Analysis

max time kernel
120s
max time network
121s
platform
windows7_x64
resource
win7-20231129-en
resource tags

arch:x64arch:x86image:win7-20231129-enlocale:en-usos:windows7-x64system
submitted
30-12-2023 22:34

Target

1e969a4f884d4774dc6f53f500c747c1.dll
Size

36KB
MD5

1e969a4f884d4774dc6f53f500c747c1
SHA1

26e84bb28868352ddb75ae5f772fcda9d0926c62
SHA256

ba813ee2342c195e2da5e7322e6fbf16df8e098a0c1916b44c8de508c7f99743
SHA512

2d68121a3537087cd2d56f694ba43ad5e599298ff31cea16f5845d6153f94260f9d6db91e04e2af5511998fe0a5ec7a0a99d4160de3d512b5a1c90fb1872ae56
SSDEEP

384:wsLBjKHXqkbC9lyFN3M5Zu5xTbOu89xKu4sKukNbCeGBFbG30hT:w16yAs3eZufTKu89x94s9kNbZGFqkh

Score

1^/10

Suspicious use of WriteProcessMemory 7 IoCs

description	pid	Process	procid_target
PID 1364 wrote to memory of 2032	1364	rundll32.exe	17
PID 1364 wrote to memory of 2032	1364	rundll32.exe	17
PID 1364 wrote to memory of 2032	1364	rundll32.exe	17
PID 1364 wrote to memory of 2032	1364	rundll32.exe	17
PID 1364 wrote to memory of 2032	1364	rundll32.exe	17
PID 1364 wrote to memory of 2032	1364	rundll32.exe	17
PID 1364 wrote to memory of 2032	1364	rundll32.exe	17

C:\Windows\system32\rundll32.exe
rundll32.exe C:\Users\Admin\AppData\Local\Temp\1e969a4f884d4774dc6f53f500c747c1.dll,#1
1⤵
- Suspicious use of WriteProcessMemory
PID:1364
- C:\Windows\SysWOW64\rundll32.exe
  rundll32.exe C:\Users\Admin\AppData\Local\Temp\1e969a4f884d4774dc6f53f500c747c1.dll,#1
  2⤵
  PID:2032