daef241acf7fbd16690c31a715cf6f706f8198f50cfa3e2788e500b453d7db57

Analysis

max time kernel
118s
max time network
119s
platform
windows7_x64
resource
win7-20231215-en
resource tags

arch:x64arch:x86image:win7-20231215-enlocale:en-usos:windows7-x64system
submitted
01/01/2024, 06:45

Target

3c2914cc0d1d106ed2a61f4da60bd4db.dll
Size

24KB
MD5

3c2914cc0d1d106ed2a61f4da60bd4db
SHA1

c2541c63b91df4f6d1ffe9853684b43c767005b2
SHA256

daef241acf7fbd16690c31a715cf6f706f8198f50cfa3e2788e500b453d7db57
SHA512

eb803c44924b20e3809a77d60e7fb8ecabc68ffa6a4fdb08e92c5694a2b6d43714adb104c882c1bcbc28d73b63247d2ba9ff3cf2f20104a98a5272c582d18c50
SSDEEP

96:0Ep8DRZLTn20b54spauDkOEAVSFIkmubV5aj9VR4P4mt9iPiOxaf81NK:PGD7bWsj8AnU5qwgmt9iPza0zK

Score

1^/10

Suspicious use of WriteProcessMemory 7 IoCs

description	pid	Process	procid_target
PID 2252 wrote to memory of 2032	2252	rundll32.exe	28
PID 2252 wrote to memory of 2032	2252	rundll32.exe	28
PID 2252 wrote to memory of 2032	2252	rundll32.exe	28
PID 2252 wrote to memory of 2032	2252	rundll32.exe	28
PID 2252 wrote to memory of 2032	2252	rundll32.exe	28
PID 2252 wrote to memory of 2032	2252	rundll32.exe	28
PID 2252 wrote to memory of 2032	2252	rundll32.exe	28

C:\Windows\system32\rundll32.exe
rundll32.exe C:\Users\Admin\AppData\Local\Temp\3c2914cc0d1d106ed2a61f4da60bd4db.dll,#1
1⤵
- Suspicious use of WriteProcessMemory
PID:2252
- C:\Windows\SysWOW64\rundll32.exe
  rundll32.exe C:\Users\Admin\AppData\Local\Temp\3c2914cc0d1d106ed2a61f4da60bd4db.dll,#1
  2⤵
  PID:2032