e0f492b56cdde36c64daa34406e43e16113e7b7e43952895529dea6b65eacd6b

Analysis

max time kernel
122s
max time network
124s
platform
windows7_x64
resource
win7-20231215-en
resource tags

arch:x64arch:x86image:win7-20231215-enlocale:en-usos:windows7-x64system
submitted
04/01/2024, 00:15

Target

quricol32.dll
Size

218KB
MD5

19306dd58bbd42f9c4fba0072a6e810a
SHA1

e6c01ab512806319db1745e73fbd55f3ac9298b3
SHA256

90864d6b81ab5b6251e3739366f2cd8ffb9bccc7c08f9c39eb4b73db17f0401b
SHA512

01f9b18438737baaa523048f518385aabdef8417ea92e38f65c3c052036b70c9329e8f07ba47af5a32edd7948a1b81cc1173b9e60db00ba1c87e2ac5c86c4340
SSDEEP

3072:Syy0/QPixg1FYvqMH5XuCtM7ZRA0ke9S7egumTBfCUuAg0Fu/5b8+zd:W0/Qqxg1FYvqMHpuCtR0VpgDTBqUuAO

Score

1^/10

Suspicious use of WriteProcessMemory 7 IoCs

description	pid	Process	procid_target
PID 3052 wrote to memory of 2732	3052	rundll32.exe	28
PID 3052 wrote to memory of 2732	3052	rundll32.exe	28
PID 3052 wrote to memory of 2732	3052	rundll32.exe	28
PID 3052 wrote to memory of 2732	3052	rundll32.exe	28
PID 3052 wrote to memory of 2732	3052	rundll32.exe	28
PID 3052 wrote to memory of 2732	3052	rundll32.exe	28
PID 3052 wrote to memory of 2732	3052	rundll32.exe	28

C:\Windows\system32\rundll32.exe
rundll32.exe C:\Users\Admin\AppData\Local\Temp\quricol32.dll,#1
1⤵
- Suspicious use of WriteProcessMemory
PID:3052
- C:\Windows\SysWOW64\rundll32.exe
  rundll32.exe C:\Users\Admin\AppData\Local\Temp\quricol32.dll,#1
  2⤵
  PID:2732