9956422b6d13e04edc980e7e046c25939521b86f980520d115283c8716fad10c

Analysis

max time kernel
118s
max time network
144s
platform
windows7_x64
resource
win7-20231215-en
resource tags

arch:x64arch:x86image:win7-20231215-enlocale:en-usos:windows7-x64system
submitted
30/12/2023, 02:58

Target

0c548c7f2e1ababefefeaa43a3980d2d.dll
Size

248KB
MD5

0c548c7f2e1ababefefeaa43a3980d2d
SHA1

b01ee1c7e9d429acbe3e99cf45d649b164a87115
SHA256

9956422b6d13e04edc980e7e046c25939521b86f980520d115283c8716fad10c
SHA512

fcb0b9958fa7b85976f6f985fe2ddd7bc830ca0027a580498a53f671750675bece6ac4a9fc9b91faab2ca75f3ad7eb115253c5b94b06581ba18b42b77301f2c6
SSDEEP

3072:jV8+H5QROc2O9DOcfhFPOfuA6mabApqrHIZ9AGp1k6oaRoB9prb/n:jYROc2IfhJauAnGg0orcgE9pv

Score

1^/10

Suspicious use of WriteProcessMemory 7 IoCs

description	pid	Process	procid_target
PID 2684 wrote to memory of 2936	2684	rundll32.exe	28
PID 2684 wrote to memory of 2936	2684	rundll32.exe	28
PID 2684 wrote to memory of 2936	2684	rundll32.exe	28
PID 2684 wrote to memory of 2936	2684	rundll32.exe	28
PID 2684 wrote to memory of 2936	2684	rundll32.exe	28
PID 2684 wrote to memory of 2936	2684	rundll32.exe	28
PID 2684 wrote to memory of 2936	2684	rundll32.exe	28

C:\Windows\system32\rundll32.exe
rundll32.exe C:\Users\Admin\AppData\Local\Temp\0c548c7f2e1ababefefeaa43a3980d2d.dll,#1
1⤵
- Suspicious use of WriteProcessMemory
PID:2684
- C:\Windows\SysWOW64\rundll32.exe
  rundll32.exe C:\Users\Admin\AppData\Local\Temp\0c548c7f2e1ababefefeaa43a3980d2d.dll,#1
  2⤵
  PID:2936