cd27834713073dc2062d83f979def6041963c765ab6a59736d591d4f25137242

Analysis

max time kernel
117s
max time network
124s
platform
windows7_x64
resource
win7-20231215-en
resource tags

arch:x64arch:x86image:win7-20231215-enlocale:en-usos:windows7-x64system
submitted
30-12-2023 08:02

Target

12e50a34b93c2b444eb2e4d3d95e10dd.dll
Size

182KB
MD5

12e50a34b93c2b444eb2e4d3d95e10dd
SHA1

897466e3ee4e6c067064dcc0cfd8b7fdbd57f686
SHA256

cd27834713073dc2062d83f979def6041963c765ab6a59736d591d4f25137242
SHA512

faf36bdc2978f968990634c9e35bcea6376562fc1020e7158434abfb4bdb0cd54563f7ebbb41afd8016a1f39bc17a1473e912ffcbb0b161bb34aa6cf33adc10b
SSDEEP

3072:2+VoIEDtUiAr4x6hs2OEMjwIvnlkgpMQ8uEOdElM4uuW4NKjVkwQMW:2+VNERr05FgcalzEOqBuQNK

Score

1^/10

Suspicious use of WriteProcessMemory 11 IoCs

description	pid	Process	procid_target
PID 3000 wrote to memory of 3048	3000	rundll32.exe	28
PID 3000 wrote to memory of 3048	3000	rundll32.exe	28
PID 3000 wrote to memory of 3048	3000	rundll32.exe	28
PID 3000 wrote to memory of 3048	3000	rundll32.exe	28
PID 3000 wrote to memory of 3048	3000	rundll32.exe	28
PID 3000 wrote to memory of 3048	3000	rundll32.exe	28
PID 3000 wrote to memory of 3048	3000	rundll32.exe	28
PID 3048 wrote to memory of 2484	3048	rundll32.exe	29
PID 3048 wrote to memory of 2484	3048	rundll32.exe	29
PID 3048 wrote to memory of 2484	3048	rundll32.exe	29
PID 3048 wrote to memory of 2484	3048	rundll32.exe	29

C:\Windows\system32\rundll32.exe
rundll32.exe C:\Users\Admin\AppData\Local\Temp\12e50a34b93c2b444eb2e4d3d95e10dd.dll,#1
1⤵
- Suspicious use of WriteProcessMemory
PID:3000
- C:\Windows\SysWOW64\rundll32.exe
  rundll32.exe C:\Users\Admin\AppData\Local\Temp\12e50a34b93c2b444eb2e4d3d95e10dd.dll,#1
  2⤵
  - Suspicious use of WriteProcessMemory
  PID:3048
- - C:\Windows\SysWOW64\svchost.exe
    C:\Windows\system32\svchost.exe
    3⤵
    PID:2484