b636e9ba38dc9979354d48338fe0ec48d1d41e47ee21eb47cebc31411ad33df9

Analysis

max time kernel
122s
max time network
126s
platform
windows7_x64
resource
win7-20231215-en
resource tags

arch:x64arch:x86image:win7-20231215-enlocale:en-usos:windows7-x64system
submitted
30-12-2023 14:09

Target

1b0795a7a62d8056ff7ef057efe537a3.dll
Size

72KB
MD5

1b0795a7a62d8056ff7ef057efe537a3
SHA1

fef145beb6f276c4f3742d08492fad699ca9c805
SHA256

b636e9ba38dc9979354d48338fe0ec48d1d41e47ee21eb47cebc31411ad33df9
SHA512

0743e990ed62b3b06f8d06f3238a981264a7cb375956b78ea9f540759e65d33c0c1fccfbf9f5e3e9200574e694780b92dc67bc6a911f6b99fd64d53c93e8a6ca
SSDEEP

1536:n7ZLNPp9pZBMRE9N46fkGDA41nX2I9H+1piJN9jXJJigoL3E1lHB:7ZppIq3JJPZJBC3ulh

Score

1^/10

Suspicious use of WriteProcessMemory 7 IoCs

description	pid	Process	procid_target
PID 2672 wrote to memory of 2436	2672	rundll32.exe	14
PID 2672 wrote to memory of 2436	2672	rundll32.exe	14
PID 2672 wrote to memory of 2436	2672	rundll32.exe	14
PID 2672 wrote to memory of 2436	2672	rundll32.exe	14
PID 2672 wrote to memory of 2436	2672	rundll32.exe	14
PID 2672 wrote to memory of 2436	2672	rundll32.exe	14
PID 2672 wrote to memory of 2436	2672	rundll32.exe	14

C:\Windows\SysWOW64\rundll32.exe
rundll32.exe C:\Users\Admin\AppData\Local\Temp\1b0795a7a62d8056ff7ef057efe537a3.dll,#1
1⤵
PID:2436

C:\Windows\system32\rundll32.exe
rundll32.exe C:\Users\Admin\AppData\Local\Temp\1b0795a7a62d8056ff7ef057efe537a3.dll,#1
1⤵
- Suspicious use of WriteProcessMemory
PID:2672