79ed5aaa8fbc3a3f989e33a67883dd04554030904acfdb404ae8eef60de5115e

Analysis

max time kernel
118s
max time network
134s
platform
windows7_x64
resource
win7-20231215-en
resource tags

arch:x64arch:x86image:win7-20231215-enlocale:en-usos:windows7-x64system
submitted
31-12-2023 13:24

Target

37e5e4dde2e82b3b844a34a3f2cc3630.dll
Size

84KB
MD5

37e5e4dde2e82b3b844a34a3f2cc3630
SHA1

a0dc1b8bfc06cc03de12043850326e9d7ae58db2
SHA256

79ed5aaa8fbc3a3f989e33a67883dd04554030904acfdb404ae8eef60de5115e
SHA512

cda2da822f2935045ac373c1c806f19623ca3055b6e0469181f3ea3ec80cfa04c32537f3b413b7e7910261a909b29ddd675f10d91548fdb09dda5a01c441e09c
SSDEEP

1536:YuoKoCddu4lFjt0FghG6O0sMgY8i3gH9swoE+ZQsvy0YhBsi:Yuocnu4lFjWAG6O0AHmw+Z3vJYsi

Score

1^/10

Suspicious use of WriteProcessMemory 7 IoCs

description	pid	Process	procid_target
PID 2980 wrote to memory of 2992	2980	rundll32.exe	19
PID 2980 wrote to memory of 2992	2980	rundll32.exe	19
PID 2980 wrote to memory of 2992	2980	rundll32.exe	19
PID 2980 wrote to memory of 2992	2980	rundll32.exe	19
PID 2980 wrote to memory of 2992	2980	rundll32.exe	19
PID 2980 wrote to memory of 2992	2980	rundll32.exe	19
PID 2980 wrote to memory of 2992	2980	rundll32.exe	19

C:\Windows\system32\rundll32.exe
rundll32.exe C:\Users\Admin\AppData\Local\Temp\37e5e4dde2e82b3b844a34a3f2cc3630.dll,#1
1⤵
- Suspicious use of WriteProcessMemory
PID:2980
- C:\Windows\SysWOW64\rundll32.exe
  rundll32.exe C:\Users\Admin\AppData\Local\Temp\37e5e4dde2e82b3b844a34a3f2cc3630.dll,#1
  2⤵
  PID:2992

memory/2992-0-0x00000000007E0000-0x00000000008C7000-memory.dmp

Filesize
924KB

Download