132a8d9d0a1cca4b3488b135f1d98ca6a018e9a2bbd41849684cd7c0d559b284

Analysis

max time kernel
122s
max time network
127s
platform
windows7_x64
resource
win7-20231215-en
resource tags

arch:x64arch:x86image:win7-20231215-enlocale:en-usos:windows7-x64system
submitted
30/12/2023, 23:52

Target

20ab61eb59dad3812d90f685da1278ff.dll
Size

192KB
MD5

20ab61eb59dad3812d90f685da1278ff
SHA1

2a2fe8193c5daddb1cdecb8c32b0bcab0c2024ec
SHA256

132a8d9d0a1cca4b3488b135f1d98ca6a018e9a2bbd41849684cd7c0d559b284
SHA512

6049cd240c8600432decf7fd8f3cf69205a3b181ff6a9e1ef19ff5a456b94746c0d2777462beb57fa7e7954e05181dc158653726edacd56831a9e85fb46eb89d
SSDEEP

3072:ZNbpOnPsGqQTruHLD7RcQxKrrdNU0VAtrOpOOWxOv4Kn7qbjx7T/Hrmj2V:ZNbqaLD7RcukVAtSQOWcgWqbV77Lmja

Score

1^/10

Suspicious use of WriteProcessMemory 7 IoCs

description	pid	Process	procid_target
PID 2304 wrote to memory of 2780	2304	rundll32.exe	28
PID 2304 wrote to memory of 2780	2304	rundll32.exe	28
PID 2304 wrote to memory of 2780	2304	rundll32.exe	28
PID 2304 wrote to memory of 2780	2304	rundll32.exe	28
PID 2304 wrote to memory of 2780	2304	rundll32.exe	28
PID 2304 wrote to memory of 2780	2304	rundll32.exe	28
PID 2304 wrote to memory of 2780	2304	rundll32.exe	28

C:\Windows\system32\rundll32.exe
rundll32.exe C:\Users\Admin\AppData\Local\Temp\20ab61eb59dad3812d90f685da1278ff.dll,#1
1⤵
- Suspicious use of WriteProcessMemory
PID:2304
- C:\Windows\SysWOW64\rundll32.exe
  rundll32.exe C:\Users\Admin\AppData\Local\Temp\20ab61eb59dad3812d90f685da1278ff.dll,#1
  2⤵
  PID:2780