af3dd6295ec767c92464817e242e21f9b80e5f6e22036393f9fee00047516c80

Analysis

max time kernel
121s
max time network
123s
platform
windows7_x64
resource
win7-20231129-en
resource tags

arch:x64arch:x86image:win7-20231129-enlocale:en-usos:windows7-x64system
submitted
30/12/2023, 04:57

Target

0f427be9221e3acaa4f299f4f88351e4.dll
Size

29KB
MD5

0f427be9221e3acaa4f299f4f88351e4
SHA1

185159188dabbfaae3d29e97c7c026b163c34b03
SHA256

af3dd6295ec767c92464817e242e21f9b80e5f6e22036393f9fee00047516c80
SHA512

3864c1ecf09e5a791680ff36ed6fda10d88fcd00809f90a0d3e3c4a29ce2526bdb6e8584f91408a585dd7c9b7b66beb4c18c72da40bdaa458d8c982658f69f6b
SSDEEP

384:xyuzmk3ySFy81TvV5Olz9HkGlY8MNXb+A7hX+xS9+U1j1dDG1am1rf1vjgNgAzLL:PM81TvV5EhkWYGA9O5VEL

Score

1^/10

Suspicious use of WriteProcessMemory 7 IoCs

description	pid	Process	procid_target
PID 2356 wrote to memory of 2380	2356	rundll32.exe	28
PID 2356 wrote to memory of 2380	2356	rundll32.exe	28
PID 2356 wrote to memory of 2380	2356	rundll32.exe	28
PID 2356 wrote to memory of 2380	2356	rundll32.exe	28
PID 2356 wrote to memory of 2380	2356	rundll32.exe	28
PID 2356 wrote to memory of 2380	2356	rundll32.exe	28
PID 2356 wrote to memory of 2380	2356	rundll32.exe	28

C:\Windows\system32\rundll32.exe
rundll32.exe C:\Users\Admin\AppData\Local\Temp\0f427be9221e3acaa4f299f4f88351e4.dll,#1
1⤵
- Suspicious use of WriteProcessMemory
PID:2356
- C:\Windows\SysWOW64\rundll32.exe
  rundll32.exe C:\Users\Admin\AppData\Local\Temp\0f427be9221e3acaa4f299f4f88351e4.dll,#1
  2⤵
  PID:2380