10ac9705e9bb12e365e1e4e8c1ceda06fb171d39432d6593eced1cb0fc9b0331

Analysis

max time kernel
122s
max time network
124s
platform
windows7_x64
resource
win7-20231215-en
resource tags

arch:x64arch:x86image:win7-20231215-enlocale:en-usos:windows7-x64system
submitted
31/12/2023, 06:15

Target

2b6994311cd221e109bf95f58c5fe63d.dll
Size

841KB
MD5

2b6994311cd221e109bf95f58c5fe63d
SHA1

c7549a06b2c76d5f771115bf4578890d1c6773dc
SHA256

10ac9705e9bb12e365e1e4e8c1ceda06fb171d39432d6593eced1cb0fc9b0331
SHA512

88a2ccdcb1dbb1e5234c1103ab2b042e56ca1c00f9d6a2d9681d55a8681d90e04c6529aa4cdac6e64f3dac67fe11613d26bc8b07237a37c05337aa008e78b666
SSDEEP

12288:YL692ei7NIksd7O0kXD25ebyZuCrt50QBXU9EFFSyS4HveQaIl1v1DtRsQcm:YL7nNIdOlz2+yZum5bBXSG5ShKFb

Score

1^/10

Suspicious use of WriteProcessMemory 7 IoCs

description	pid	Process	procid_target
PID 3052 wrote to memory of 1916	3052	rundll32.exe	14
PID 3052 wrote to memory of 1916	3052	rundll32.exe	14
PID 3052 wrote to memory of 1916	3052	rundll32.exe	14
PID 3052 wrote to memory of 1916	3052	rundll32.exe	14
PID 3052 wrote to memory of 1916	3052	rundll32.exe	14
PID 3052 wrote to memory of 1916	3052	rundll32.exe	14
PID 3052 wrote to memory of 1916	3052	rundll32.exe	14

C:\Windows\SysWOW64\rundll32.exe
rundll32.exe C:\Users\Admin\AppData\Local\Temp\2b6994311cd221e109bf95f58c5fe63d.dll,#1
1⤵
PID:1916

C:\Windows\system32\rundll32.exe
rundll32.exe C:\Users\Admin\AppData\Local\Temp\2b6994311cd221e109bf95f58c5fe63d.dll,#1
1⤵
- Suspicious use of WriteProcessMemory
PID:3052