5ecec901264b2c3772948752795556ed25ba808ea9dca41080c181a7bbbd0f85

Analysis

max time kernel
120s
max time network
140s
platform
windows7_x64
resource
win7-20231215-en
resource tags

arch:x64arch:x86image:win7-20231215-enlocale:en-usos:windows7-x64system
submitted
30-12-2023 00:44

Target

08ec087f04c87481d88bf378abadf81e.dll
Size

48KB
MD5

08ec087f04c87481d88bf378abadf81e
SHA1

e88906364b34b0fc2f52ce1556d52dc87985b3c6
SHA256

5ecec901264b2c3772948752795556ed25ba808ea9dca41080c181a7bbbd0f85
SHA512

3a6a19ce703ec042e20e13f631b621a60b4e240442f8b76fada8a782100159de773ef5d77068d3b97a3912f35fd7904d28d17ab933347cb4a12e5c27ced2b2ed
SSDEEP

384:uWv3Fl9PZUPYyBu0u9ZmjyDYHHDfeVhERLe33Kzd8lki2XDjZYQBmxjprbKIICS:r79PZ5giZ4OYT6F33Kzd3Dojprbp7S

Score

1^/10

Suspicious use of WriteProcessMemory 7 IoCs

description	pid	Process	procid_target
PID 2248 wrote to memory of 2080	2248	rundll32.exe	28
PID 2248 wrote to memory of 2080	2248	rundll32.exe	28
PID 2248 wrote to memory of 2080	2248	rundll32.exe	28
PID 2248 wrote to memory of 2080	2248	rundll32.exe	28
PID 2248 wrote to memory of 2080	2248	rundll32.exe	28
PID 2248 wrote to memory of 2080	2248	rundll32.exe	28
PID 2248 wrote to memory of 2080	2248	rundll32.exe	28

C:\Windows\system32\rundll32.exe
rundll32.exe C:\Users\Admin\AppData\Local\Temp\08ec087f04c87481d88bf378abadf81e.dll,#1
1⤵
- Suspicious use of WriteProcessMemory
PID:2248
- C:\Windows\SysWOW64\rundll32.exe
  rundll32.exe C:\Users\Admin\AppData\Local\Temp\08ec087f04c87481d88bf378abadf81e.dll,#1
  2⤵
  PID:2080

memory/2080-0-0x0000000010000000-0x0000000010017000-memory.dmp

Filesize
92KB

Download