1d5e37cdda3d4268bc8ec1be219326965c103694343feb1e578e90f8ec753050

Analysis

max time kernel
12s
max time network
32s
platform
windows7_x64
resource
win7-20231215-en
resource tags

arch:x64arch:x86image:win7-20231215-enlocale:en-usos:windows7-x64system
submitted
30-12-2023 11:30

Target

172c0f4ee94f12f7944471476bf6733b.dll
Size

39KB
MD5

172c0f4ee94f12f7944471476bf6733b
SHA1

9ce164f567590d6f16e93939a69dcd8c17075359
SHA256

1d5e37cdda3d4268bc8ec1be219326965c103694343feb1e578e90f8ec753050
SHA512

490b2e948127fea484b8fe6a29d24d98868f5934062bc334af8e52baa7d09f4d79c2364a63df821a7d9bf54a3adea85f9527fd517546bde97a7c86888f42e675
SSDEEP

768:HLHnXQUf44po/I8nwPVB2i4zDXUxhHRLMeciIWHf9/hrsh5ms:bXr44pI1wPVBkzgxhHnci9HV/hrsh5ms

Score

1^/10

Suspicious use of WriteProcessMemory 7 IoCs

description	pid	Process	procid_target
PID 1648 wrote to memory of 2920	1648	rundll32.exe	28
PID 1648 wrote to memory of 2920	1648	rundll32.exe	28
PID 1648 wrote to memory of 2920	1648	rundll32.exe	28
PID 1648 wrote to memory of 2920	1648	rundll32.exe	28
PID 1648 wrote to memory of 2920	1648	rundll32.exe	28
PID 1648 wrote to memory of 2920	1648	rundll32.exe	28
PID 1648 wrote to memory of 2920	1648	rundll32.exe	28

C:\Windows\system32\rundll32.exe
rundll32.exe C:\Users\Admin\AppData\Local\Temp\172c0f4ee94f12f7944471476bf6733b.dll,#1
1⤵
- Suspicious use of WriteProcessMemory
PID:1648
- C:\Windows\SysWOW64\rundll32.exe
  rundll32.exe C:\Users\Admin\AppData\Local\Temp\172c0f4ee94f12f7944471476bf6733b.dll,#1
  2⤵
  PID:2920

memory/2920-1-0x00000000004F0000-0x0000000000530000-memory.dmp

Filesize
256KB

Download
memory/2920-0-0x00000000004F0000-0x0000000000530000-memory.dmp

Filesize
256KB

Download