0874ba8a48e5756278f30064a65792dbf1110acb937c034422e6517e6bfcb514

Analysis

max time kernel
119s
max time network
123s
platform
windows7_x64
resource
win7-20231215-en
resource tags

arch:x64arch:x86image:win7-20231215-enlocale:en-usos:windows7-x64system
submitted
31/12/2023, 14:13

Target

3966596c0c7641eba65d58bcb683e47a.dll
Size

112KB
MD5

3966596c0c7641eba65d58bcb683e47a
SHA1

42a47e8d76ced8405e3ba43102f892ec7cc794db
SHA256

0874ba8a48e5756278f30064a65792dbf1110acb937c034422e6517e6bfcb514
SHA512

9658273d4b7ba8049ce2611a6b66e00a1822da9f15e6c91ef5f97ef575038629e5745b1fdc71178ea8cc4aa89885addb53bf981a344f5bb594629e8767cd367e
SSDEEP

1536:IWcjzhiv4AYpmVqSAI2cdpimA5KQcQmbE5aNIvIDos5zvpU/KKWuA1PsGkHyd6qe:I4vCmVPAZRgDoc7pqKSAsGNd6q9ZVU

Score

1^/10

Suspicious use of WriteProcessMemory 7 IoCs

description	pid	Process	procid_target
PID 2324 wrote to memory of 2112	2324	rundll32.exe	28
PID 2324 wrote to memory of 2112	2324	rundll32.exe	28
PID 2324 wrote to memory of 2112	2324	rundll32.exe	28
PID 2324 wrote to memory of 2112	2324	rundll32.exe	28
PID 2324 wrote to memory of 2112	2324	rundll32.exe	28
PID 2324 wrote to memory of 2112	2324	rundll32.exe	28
PID 2324 wrote to memory of 2112	2324	rundll32.exe	28

C:\Windows\system32\rundll32.exe
rundll32.exe C:\Users\Admin\AppData\Local\Temp\3966596c0c7641eba65d58bcb683e47a.dll,#1
1⤵
- Suspicious use of WriteProcessMemory
PID:2324
- C:\Windows\SysWOW64\rundll32.exe
  rundll32.exe C:\Users\Admin\AppData\Local\Temp\3966596c0c7641eba65d58bcb683e47a.dll,#1
  2⤵
  PID:2112