7916e0b767bd327c23c59b2ea56b549dfd5afa67723c1b763d27d77974d20816

Analysis

max time kernel
121s
max time network
124s
platform
windows7_x64
resource
win7-20231215-en
resource tags

arch:x64arch:x86image:win7-20231215-enlocale:en-usos:windows7-x64system
submitted
30/12/2023, 05:13

Target

0fbd7d26d91b32bcb20bc71d536bcc74.dll
Size

68KB
MD5

0fbd7d26d91b32bcb20bc71d536bcc74
SHA1

01c259342e878fc11dafc503180b5262baed3246
SHA256

7916e0b767bd327c23c59b2ea56b549dfd5afa67723c1b763d27d77974d20816
SHA512

b64e721a1e1696a60ff62d26f14dcc33fb349a2b61104d3ada12f3f1b06628bb75cf5b3555e1e6657612e8aa418d4204f8411198cb176aa7da21ec091d44835a
SSDEEP

1536:iFzN559FODkcahc6kHAx/228BDU1TubNVKB2TCHaacBU+BVe:gzPgOBkA/2Ju6bJT+aacBU+Pe

Score

1^/10

Suspicious use of WriteProcessMemory 7 IoCs

description	pid	Process	procid_target
PID 3024 wrote to memory of 2664	3024	rundll32.exe	28
PID 3024 wrote to memory of 2664	3024	rundll32.exe	28
PID 3024 wrote to memory of 2664	3024	rundll32.exe	28
PID 3024 wrote to memory of 2664	3024	rundll32.exe	28
PID 3024 wrote to memory of 2664	3024	rundll32.exe	28
PID 3024 wrote to memory of 2664	3024	rundll32.exe	28
PID 3024 wrote to memory of 2664	3024	rundll32.exe	28

C:\Windows\system32\rundll32.exe
rundll32.exe C:\Users\Admin\AppData\Local\Temp\0fbd7d26d91b32bcb20bc71d536bcc74.dll,#1
1⤵
- Suspicious use of WriteProcessMemory
PID:3024
- C:\Windows\SysWOW64\rundll32.exe
  rundll32.exe C:\Users\Admin\AppData\Local\Temp\0fbd7d26d91b32bcb20bc71d536bcc74.dll,#1
  2⤵
  PID:2664

memory/2664-0-0x0000000010000000-0x000000001000D000-memory.dmp

Filesize
52KB

Download
memory/2664-1-0x0000000010000000-0x000000001000D000-memory.dmp

Filesize
52KB

Download
memory/2664-2-0x0000000010000000-0x000000001000D000-memory.dmp

Filesize
52KB

Download