22985cc9854ae61dad7387e0731e1cf237a25e8a2aca1185f0e7563ae9946840

Analysis

max time kernel
120s
max time network
123s
platform
windows7_x64
resource
win7-20231215-en
resource tags

arch:x64arch:x86image:win7-20231215-enlocale:en-usos:windows7-x64system
submitted
30/12/2023, 05:12

Target

0fb524dfd55b3a8139a232129fe6ea40.dll
Size

128KB
MD5

0fb524dfd55b3a8139a232129fe6ea40
SHA1

1d5af0c197b15b4c6534e146b6698a1b7d4fffdb
SHA256

22985cc9854ae61dad7387e0731e1cf237a25e8a2aca1185f0e7563ae9946840
SHA512

1505d388757720bb565d47fa519e699ebf395a5ca00eb8930d8a071e7dbe155cb9a0bca11baefa53875e12838ce92053102ce3cd2811cdbc1c652848f7407ff8
SSDEEP

1536:LQqttS1OmH/burnwwuCgwOK00QM2WhQ1KZ2kDR2GXKxTUtTO:LFtSAmHju7KFwOjnWhQ1oR2JxoxO

Score

1^/10

Suspicious use of WriteProcessMemory 7 IoCs

description	pid	Process	procid_target
PID 1848 wrote to memory of 2316	1848	rundll32.exe	28
PID 1848 wrote to memory of 2316	1848	rundll32.exe	28
PID 1848 wrote to memory of 2316	1848	rundll32.exe	28
PID 1848 wrote to memory of 2316	1848	rundll32.exe	28
PID 1848 wrote to memory of 2316	1848	rundll32.exe	28
PID 1848 wrote to memory of 2316	1848	rundll32.exe	28
PID 1848 wrote to memory of 2316	1848	rundll32.exe	28

C:\Windows\system32\rundll32.exe
rundll32.exe C:\Users\Admin\AppData\Local\Temp\0fb524dfd55b3a8139a232129fe6ea40.dll,#1
1⤵
- Suspicious use of WriteProcessMemory
PID:1848
- C:\Windows\SysWOW64\rundll32.exe
  rundll32.exe C:\Users\Admin\AppData\Local\Temp\0fb524dfd55b3a8139a232129fe6ea40.dll,#1
  2⤵
  PID:2316

memory/2316-0-0x0000000010000000-0x0000000010035000-memory.dmp

Filesize
212KB

Download
memory/2316-1-0x0000000010000000-0x0000000010035000-memory.dmp

Filesize
212KB

Download