41ade3ef2faea13efd67e07e7bf88f993669c86d8678186e377d95e5de6e3c2d

Analysis

max time kernel
121s
max time network
129s
platform
windows7_x64
resource
win7-20231215-en
resource tags

arch:x64arch:x86image:win7-20231215-enlocale:en-usos:windows7-x64system
submitted
31-12-2023 00:36

Target

21eabd1d69b3e5b77eb48bea8fe35fdc.dll
Size

64KB
MD5

21eabd1d69b3e5b77eb48bea8fe35fdc
SHA1

adbebe4edd3efd475559b5407f58a4c83463232a
SHA256

41ade3ef2faea13efd67e07e7bf88f993669c86d8678186e377d95e5de6e3c2d
SHA512

35d7536b0fb300f3698dc16f187660970d1fd3b7fa548092fd05dca8bc361d0f2af38e9296bd5d910d0bd7d4e01d99ff5681213ecac51e91634b5b5e00088049
SSDEEP

768:6HLEjXqOcy48wA+LkoqW8lyTxkw9U2p26wbzC5sdxMjiB9UQgwWHiGOs3qN:6WaC+Ltq1lyTCM8nzN4los6N

Score

1^/10

Suspicious use of WriteProcessMemory 7 IoCs

description	pid	Process	procid_target
PID 1752 wrote to memory of 2716	1752	rundll32.exe	28
PID 1752 wrote to memory of 2716	1752	rundll32.exe	28
PID 1752 wrote to memory of 2716	1752	rundll32.exe	28
PID 1752 wrote to memory of 2716	1752	rundll32.exe	28
PID 1752 wrote to memory of 2716	1752	rundll32.exe	28
PID 1752 wrote to memory of 2716	1752	rundll32.exe	28
PID 1752 wrote to memory of 2716	1752	rundll32.exe	28

C:\Windows\system32\rundll32.exe
rundll32.exe C:\Users\Admin\AppData\Local\Temp\21eabd1d69b3e5b77eb48bea8fe35fdc.dll,#1
1⤵
- Suspicious use of WriteProcessMemory
PID:1752
- C:\Windows\SysWOW64\rundll32.exe
  rundll32.exe C:\Users\Admin\AppData\Local\Temp\21eabd1d69b3e5b77eb48bea8fe35fdc.dll,#1
  2⤵
  PID:2716