84d4f6fd7eb3df2b7595b06887ba78ee8b5aba423fff9b7e8da3898a67b72314

Analysis

max time kernel
117s
max time network
118s
platform
windows7_x64
resource
win7-20231129-en
resource tags

arch:x64arch:x86image:win7-20231129-enlocale:en-usos:windows7-x64system
submitted
30-12-2023 11:49

Target

85812383/bin/Release/RemoteDll.dll
Size

20KB
MD5

da570d1339243009208f245f4a6cf082
SHA1

227e541c3e6bd457917014386cf6cff143d5f658
SHA256

0ef1faf3a9e14fc6eacfe1c513c6264cf17c2d6c3c61ae863bca60cdb62bdeb7
SHA512

3a0605d10df26f4cf4e44d75bd39b24191f0d0c3db41847318217bf4b0a18c1a67a012a136dc020493e68a8bfe81dced32186859ab8e696f803ab99a831f848c
SSDEEP

24:e1GSC6F4y0YLRlMYPsElelfDVE5UaFlDjHAZe4qG//xhgEdVfnKR/tRU4uMTQMjV:SVh9MYZO+Kq2/ggAttaWizmZMmYJ

Score

1^/10

Suspicious use of WriteProcessMemory 7 IoCs

description	pid	Process	procid_target
PID 2396 wrote to memory of 2424	2396	rundll32.exe	28
PID 2396 wrote to memory of 2424	2396	rundll32.exe	28
PID 2396 wrote to memory of 2424	2396	rundll32.exe	28
PID 2396 wrote to memory of 2424	2396	rundll32.exe	28
PID 2396 wrote to memory of 2424	2396	rundll32.exe	28
PID 2396 wrote to memory of 2424	2396	rundll32.exe	28
PID 2396 wrote to memory of 2424	2396	rundll32.exe	28

C:\Windows\system32\rundll32.exe
rundll32.exe C:\Users\Admin\AppData\Local\Temp\85812383\bin\Release\RemoteDll.dll,#1
1⤵
- Suspicious use of WriteProcessMemory
PID:2396
- C:\Windows\SysWOW64\rundll32.exe
  rundll32.exe C:\Users\Admin\AppData\Local\Temp\85812383\bin\Release\RemoteDll.dll,#1
  2⤵
  PID:2424