fc748a39aa3aa8163d487ba4dbf393ed6b9e3b28bf99d6479ec47bcecef4393a

Analysis

max time kernel
117s
max time network
118s
platform
windows7_x64
resource
win7-20231129-en
resource tags

arch:x64arch:x86image:win7-20231129-enlocale:en-usos:windows7-x64system
submitted
30/12/2023, 07:09

Target

11cc31502e5743f1aeeeff1315b11c9b.dll
Size

20KB
MD5

11cc31502e5743f1aeeeff1315b11c9b
SHA1

aa53c7a3a3f5976f5d311e35fb214267c240edfe
SHA256

fc748a39aa3aa8163d487ba4dbf393ed6b9e3b28bf99d6479ec47bcecef4393a
SHA512

e2f0631106c9bb098f8eda012b26a7fb063085918e524a79bd9c9059b52d04789bd8d02a0a608cdb9d29cc6b94d7ceec3c2339ff52c358cb89e9c075487cf827
SSDEEP

384:/iAPWkkp1qHcQ5+aGTu8Kg3DrV1th9tPOm1eBVZ2YWBve7oA8h3R5kmMQFYxv4Fw:/idpqll8KglB/OmABAG7o1ln+Jwa

Score

1^/10

Suspicious use of WriteProcessMemory 7 IoCs

description	pid	Process	procid_target
PID 2888 wrote to memory of 2956	2888	rundll32.exe	16
PID 2888 wrote to memory of 2956	2888	rundll32.exe	16
PID 2888 wrote to memory of 2956	2888	rundll32.exe	16
PID 2888 wrote to memory of 2956	2888	rundll32.exe	16
PID 2888 wrote to memory of 2956	2888	rundll32.exe	16
PID 2888 wrote to memory of 2956	2888	rundll32.exe	16
PID 2888 wrote to memory of 2956	2888	rundll32.exe	16

C:\Windows\SysWOW64\rundll32.exe
rundll32.exe C:\Users\Admin\AppData\Local\Temp\11cc31502e5743f1aeeeff1315b11c9b.dll,#1
1⤵
PID:2956

C:\Windows\system32\rundll32.exe
rundll32.exe C:\Users\Admin\AppData\Local\Temp\11cc31502e5743f1aeeeff1315b11c9b.dll,#1
1⤵
- Suspicious use of WriteProcessMemory
PID:2888

memory/2956-3-0x0000000010000000-0x0000000010015000-memory.dmp

Filesize
84KB

Download
memory/2956-2-0x0000000010000000-0x0000000010015000-memory.dmp

Filesize
84KB

Download
memory/2956-1-0x0000000010000000-0x0000000010015000-memory.dmp

Filesize
84KB

Download
memory/2956-0-0x0000000010000000-0x0000000010015000-memory.dmp

Filesize
84KB

Download