18a2de50c8db41d3bc8b9603da7d22e40e580b5bea6a88f3e4c713b20f64ab41

Analysis

max time kernel
0s
max time network
1s
platform
windows7_x64
resource
win7-20231215-en
resource tags

arch:x64arch:x86image:win7-20231215-enlocale:en-usos:windows7-x64system
submitted
01/01/2024, 21:48

Target

3df71e0412f3e57e5a6b248bf3f6c7cf.dll
Size

116KB
MD5

3df71e0412f3e57e5a6b248bf3f6c7cf
SHA1

9969923827c29ce025ea8051077ca568005a7795
SHA256

18a2de50c8db41d3bc8b9603da7d22e40e580b5bea6a88f3e4c713b20f64ab41
SHA512

a93f2362d97cd4161b1c049eeff64b56eed104565b0ef6beb29b34150c1f08263a54bda76053db1082c28ab4af17fbb24737cf073563e986bb3fb95ca1fe1bc7
SSDEEP

3072:GkBVrmUiahgwQeoZDgjT/d0m3ZuAKtOxmitmKqL46C9dilB:epwQ3yZrWOPmhbAw

Score

1^/10

Suspicious use of WriteProcessMemory 7 IoCs

description	pid	Process	procid_target
PID 312 wrote to memory of 296	312	rundll32.exe	28
PID 312 wrote to memory of 296	312	rundll32.exe	28
PID 312 wrote to memory of 296	312	rundll32.exe	28
PID 312 wrote to memory of 296	312	rundll32.exe	28
PID 312 wrote to memory of 296	312	rundll32.exe	28
PID 312 wrote to memory of 296	312	rundll32.exe	28
PID 312 wrote to memory of 296	312	rundll32.exe	28

C:\Windows\system32\rundll32.exe
rundll32.exe C:\Users\Admin\AppData\Local\Temp\3df71e0412f3e57e5a6b248bf3f6c7cf.dll,#1
1⤵
- Suspicious use of WriteProcessMemory
PID:312
- C:\Windows\SysWOW64\rundll32.exe
  rundll32.exe C:\Users\Admin\AppData\Local\Temp\3df71e0412f3e57e5a6b248bf3f6c7cf.dll,#1
  2⤵
  PID:296

memory/296-0-0x00000000001C0000-0x00000000001CB000-memory.dmp

Filesize
44KB

Download
memory/296-1-0x0000000010000000-0x000000001000A000-memory.dmp

Filesize
40KB

Download
memory/296-4-0x0000000010000000-0x000000001000A000-memory.dmp

Filesize
40KB

Download