52d8098c5f67ec1fdc07a3e1e3395b7ecef4350de62647456f6367b90309a83d

Analysis

max time kernel
122s
max time network
123s
platform
windows7_x64
resource
win7-20231215-en
resource tags

arch:x64arch:x86image:win7-20231215-enlocale:en-usos:windows7-x64system
submitted
30-12-2023 10:36

Target

161ea469a9b14e998ffb906f717b7087.dll
Size

7KB
MD5

161ea469a9b14e998ffb906f717b7087
SHA1

e5d073b1770ba85d3053dc8886ed67d20499b86d
SHA256

52d8098c5f67ec1fdc07a3e1e3395b7ecef4350de62647456f6367b90309a83d
SHA512

7e933ff35ac6e85b67373598c38614b09651154832b3f62f40f5aeb9d7c01c76422193f6cac55b2648372783eb05cf8ba6a6b707f55377e91a3bae324d9a0e0f
SSDEEP

48:66ay5YVO3EVkApc2wp8hH1NZn5EquglQ067YbPWEbABbgL3q9J5S2hmc:b3EVkApcX4Hiv0hbPCq3qX5S2hV

Score

1^/10

Suspicious use of WriteProcessMemory 7 IoCs

description	pid	Process	procid_target
PID 1212 wrote to memory of 1248	1212	rundll32.exe	28
PID 1212 wrote to memory of 1248	1212	rundll32.exe	28
PID 1212 wrote to memory of 1248	1212	rundll32.exe	28
PID 1212 wrote to memory of 1248	1212	rundll32.exe	28
PID 1212 wrote to memory of 1248	1212	rundll32.exe	28
PID 1212 wrote to memory of 1248	1212	rundll32.exe	28
PID 1212 wrote to memory of 1248	1212	rundll32.exe	28

C:\Windows\system32\rundll32.exe
rundll32.exe C:\Users\Admin\AppData\Local\Temp\161ea469a9b14e998ffb906f717b7087.dll,#1
1⤵
- Suspicious use of WriteProcessMemory
PID:1212
- C:\Windows\SysWOW64\rundll32.exe
  rundll32.exe C:\Users\Admin\AppData\Local\Temp\161ea469a9b14e998ffb906f717b7087.dll,#1
  2⤵
  PID:1248