eefac98dc5b041b0d7b280f2073c949b1d2b10b62605a6f0b32b111a06014573

Analysis

max time kernel
119s
max time network
125s
platform
windows7_x64
resource
win7-20231215-en
resource tags

arch:x64arch:x86image:win7-20231215-enlocale:en-usos:windows7-x64system
submitted
31-12-2023 20:11

Target

3af1ab7ed3dae3a153eb95c69a85a187.dll
Size

122KB
MD5

3af1ab7ed3dae3a153eb95c69a85a187
SHA1

9ddb05089b3141587b381ef1f2d9801c345d4894
SHA256

eefac98dc5b041b0d7b280f2073c949b1d2b10b62605a6f0b32b111a06014573
SHA512

42546f839021235d7ec2e1ccabba45cf0dac3aff13b4594e3c578481abc01b35aa0618779d6776666384a0d173cb3001b654941985221159f8d972f777872753
SSDEEP

384:r+f8+MmA4cZHHd6KlDYIE4Ik8f0Pqg1DC+d2RpXOi9ybBzWel:rkQpd6iDdE4ICD1DWpXO9bVW

Score

1^/10

Suspicious use of WriteProcessMemory 7 IoCs

description	pid	Process	procid_target
PID 2864 wrote to memory of 2760	2864	rundll32.exe	14
PID 2864 wrote to memory of 2760	2864	rundll32.exe	14
PID 2864 wrote to memory of 2760	2864	rundll32.exe	14
PID 2864 wrote to memory of 2760	2864	rundll32.exe	14
PID 2864 wrote to memory of 2760	2864	rundll32.exe	14
PID 2864 wrote to memory of 2760	2864	rundll32.exe	14
PID 2864 wrote to memory of 2760	2864	rundll32.exe	14

C:\Windows\SysWOW64\rundll32.exe
rundll32.exe C:\Users\Admin\AppData\Local\Temp\3af1ab7ed3dae3a153eb95c69a85a187.dll,#1
1⤵
PID:2760

C:\Windows\system32\rundll32.exe
rundll32.exe C:\Users\Admin\AppData\Local\Temp\3af1ab7ed3dae3a153eb95c69a85a187.dll,#1
1⤵
- Suspicious use of WriteProcessMemory
PID:2864