8d601e565d6a3fc1c6c389427d4bc04cf288d4f3e2b1fd0cf6d49f49915f8fa2

Analysis

max time kernel
23s
max time network
25s
platform
windows7_x64
resource
win7-20231215-en
resource tags

arch:x64arch:x86image:win7-20231215-enlocale:en-usos:windows7-x64system
submitted
31/12/2023, 13:30

Target

3811170f5654046e9375444091eec411.dll
Size

10KB
MD5

3811170f5654046e9375444091eec411
SHA1

98c2a966f00cd72ae0cb43a7ae007c66be3c2a89
SHA256

8d601e565d6a3fc1c6c389427d4bc04cf288d4f3e2b1fd0cf6d49f49915f8fa2
SHA512

b1153b2ffc2fbbaa040ed6c1a5f4d1066451412c216fd4eeee56e185ba7ac90b3993d33437a10b55cf8c44a9dec0beb1cbca80316c1f4e1e01ff18afbb92bd3e
SSDEEP

192:mt7sXIW3l0vdV+fTTjih5Rg8t6y/APtvMEwRhjKD+bBTaVw:mt7sr2vD6jo5Rg8gCUvehjKSbBTa+

Score

1^/10

Suspicious use of WriteProcessMemory 7 IoCs

description	pid	Process	procid_target
PID 2172 wrote to memory of 2644	2172	rundll32.exe	28
PID 2172 wrote to memory of 2644	2172	rundll32.exe	28
PID 2172 wrote to memory of 2644	2172	rundll32.exe	28
PID 2172 wrote to memory of 2644	2172	rundll32.exe	28
PID 2172 wrote to memory of 2644	2172	rundll32.exe	28
PID 2172 wrote to memory of 2644	2172	rundll32.exe	28
PID 2172 wrote to memory of 2644	2172	rundll32.exe	28

C:\Windows\system32\rundll32.exe
rundll32.exe C:\Users\Admin\AppData\Local\Temp\3811170f5654046e9375444091eec411.dll,#1
1⤵
- Suspicious use of WriteProcessMemory
PID:2172
- C:\Windows\SysWOW64\rundll32.exe
  rundll32.exe C:\Users\Admin\AppData\Local\Temp\3811170f5654046e9375444091eec411.dll,#1
  2⤵
  PID:2644

memory/2644-0-0x0000000074ED0000-0x0000000074F2F000-memory.dmp

Filesize
380KB

Download
memory/2644-1-0x0000000074E70000-0x0000000074ECF000-memory.dmp

Filesize
380KB

Download
memory/2644-2-0x0000000074ED0000-0x0000000074F2F000-memory.dmp

Filesize
380KB

Download