d5857891238f52ac4488c1298d5b9936a4486ec42f3ffc7bb67026b4059220dc

Analysis

max time kernel
123s
max time network
150s
platform
windows7_x64
resource
win7-20231215-en
resource tags

arch:x64arch:x86image:win7-20231215-enlocale:en-usos:windows7-x64system
submitted
31/12/2023, 14:31

Target

39e959601fa003c0cd5922aafdffe472.dll
Size

314KB
MD5

39e959601fa003c0cd5922aafdffe472
SHA1

a1cf1d9f7f657f52f74f25947c5121fde40f14aa
SHA256

d5857891238f52ac4488c1298d5b9936a4486ec42f3ffc7bb67026b4059220dc
SHA512

7faea6dd3ae02233ab86d6b6527e7ad9497c6b8b113d79e8757f4ded10f1cfdd5b16812bf655ffc9a558e3d7a69e66419c1f5fe0ce2db40c3680ddccbb840340
SSDEEP

6144:d0BX7xJwEzDzn24wMWzmrBr2roKqbp7l4GAwcCPKPzWPHu4/Y+6SI5h65UcZYRe:dC7xJFjw/zIIroK2luLzWuGC6V

Score

1^/10

Suspicious use of WriteProcessMemory 7 IoCs

description	pid	Process	procid_target
PID 1652 wrote to memory of 2276	1652	rundll32.exe	28
PID 1652 wrote to memory of 2276	1652	rundll32.exe	28
PID 1652 wrote to memory of 2276	1652	rundll32.exe	28
PID 1652 wrote to memory of 2276	1652	rundll32.exe	28
PID 1652 wrote to memory of 2276	1652	rundll32.exe	28
PID 1652 wrote to memory of 2276	1652	rundll32.exe	28
PID 1652 wrote to memory of 2276	1652	rundll32.exe	28

C:\Windows\system32\rundll32.exe
rundll32.exe C:\Users\Admin\AppData\Local\Temp\39e959601fa003c0cd5922aafdffe472.dll,#1
1⤵
- Suspicious use of WriteProcessMemory
PID:1652
- C:\Windows\SysWOW64\rundll32.exe
  rundll32.exe C:\Users\Admin\AppData\Local\Temp\39e959601fa003c0cd5922aafdffe472.dll,#1
  2⤵
  PID:2276