de3d8276354929d89ce179a202a4a25955f608c54cc9e9f7e163c4fd4adbacea

Analysis

max time kernel
119s
max time network
121s
platform
windows7_x64
resource
win7-20231129-en
resource tags

arch:x64arch:x86image:win7-20231129-enlocale:en-usos:windows7-x64system
submitted
30-12-2023 13:41

Target

1a56325d2bc3e81f11f91ecae377f9ba.dll
Size

526KB
MD5

1a56325d2bc3e81f11f91ecae377f9ba
SHA1

b0ef915b57f8c8aec519e48ae9ecad64ecdaf86e
SHA256

de3d8276354929d89ce179a202a4a25955f608c54cc9e9f7e163c4fd4adbacea
SHA512

40553be1e1235fa2724331afbefa4a31f04e4a38d892c8be868fdfef67e715dbc22aac717f5724c43a59be8a19358eb4890b4e2585f68d1d8e7c69ec0aa3a2ac
SSDEEP

6144:BU0T90GuyIyeZq0Aou/fQ20GhCwghLBEg7CwBpMpVgov/F7:rFuCeZq0dKfR0oCwILnBpMDTXF7

Score

1^/10

Suspicious use of WriteProcessMemory 7 IoCs

description	pid	Process	procid_target
PID 2536 wrote to memory of 2904	2536	rundll32.exe	16
PID 2536 wrote to memory of 2904	2536	rundll32.exe	16
PID 2536 wrote to memory of 2904	2536	rundll32.exe	16
PID 2536 wrote to memory of 2904	2536	rundll32.exe	16
PID 2536 wrote to memory of 2904	2536	rundll32.exe	16
PID 2536 wrote to memory of 2904	2536	rundll32.exe	16
PID 2536 wrote to memory of 2904	2536	rundll32.exe	16

C:\Windows\system32\rundll32.exe
rundll32.exe C:\Users\Admin\AppData\Local\Temp\1a56325d2bc3e81f11f91ecae377f9ba.dll,#1
1⤵
- Suspicious use of WriteProcessMemory
PID:2536
- C:\Windows\SysWOW64\rundll32.exe
  rundll32.exe C:\Users\Admin\AppData\Local\Temp\1a56325d2bc3e81f11f91ecae377f9ba.dll,#1
  2⤵
  PID:2904

memory/2904-3-0x0000000002040000-0x0000000002109000-memory.dmp

Filesize
804KB

Download
memory/2904-5-0x0000000002040000-0x0000000002109000-memory.dmp

Filesize
804KB

Download
memory/2904-4-0x0000000002040000-0x0000000002109000-memory.dmp

Filesize
804KB

Download
memory/2904-2-0x0000000002040000-0x0000000002109000-memory.dmp

Filesize
804KB

Download
memory/2904-1-0x0000000002040000-0x0000000002109000-memory.dmp

Filesize
804KB

Download
memory/2904-0-0x0000000002040000-0x0000000002109000-memory.dmp

Filesize
804KB

Download