33ebb0de9437f8efe1b22652ef9fb5137dc371c30e06e55702406fd002c31b7a

Analysis

max time kernel
76s
max time network
41s
platform
windows7_x64
resource
win7-20231215-en
resource tags

arch:x64arch:x86image:win7-20231215-enlocale:en-usos:windows7-x64system
submitted
31/12/2023, 05:36 UTC

Target

2a3fa4a22d4324bb16be7f638c364699.dll
Size

44KB
MD5

2a3fa4a22d4324bb16be7f638c364699
SHA1

5b2fa7972fb49e921fa66f043fdf3fc35d7ee9c4
SHA256

33ebb0de9437f8efe1b22652ef9fb5137dc371c30e06e55702406fd002c31b7a
SHA512

bd8085c4736099c915d168806a3b128f7bd50f741d1c1b630c02963c0426c5ab5416edef75ab20b4604dd0fe714534ffdc0b12be056f70a3eeb20c0e45837ed1
SSDEEP

384:qxWUGpuuxL8WtTTnFo//EEXeudtLmJItHr3hMNmqGm77yhlo1L5Eu8jHJ7tu:nuuSWtTzFKXbmJIfMNWmfoo1L5Ef

Score

1^/10

Suspicious use of WriteProcessMemory 7 IoCs

description	pid	Process	procid_target
PID 3024 wrote to memory of 3028	3024	rundll32.exe	29
PID 3024 wrote to memory of 3028	3024	rundll32.exe	29
PID 3024 wrote to memory of 3028	3024	rundll32.exe	29
PID 3024 wrote to memory of 3028	3024	rundll32.exe	29
PID 3024 wrote to memory of 3028	3024	rundll32.exe	29
PID 3024 wrote to memory of 3028	3024	rundll32.exe	29
PID 3024 wrote to memory of 3028	3024	rundll32.exe	29

C:\Windows\system32\rundll32.exe
rundll32.exe C:\Users\Admin\AppData\Local\Temp\2a3fa4a22d4324bb16be7f638c364699.dll,#1
1⤵
- Suspicious use of WriteProcessMemory
PID:3024
- C:\Windows\SysWOW64\rundll32.exe
  rundll32.exe C:\Users\Admin\AppData\Local\Temp\2a3fa4a22d4324bb16be7f638c364699.dll,#1
  2⤵
  PID:3028