45bf54c44b48fafd13a18e26b8f5f75ac9c926624f28acebb2b5a65604986c38

Analysis

max time kernel
117s
max time network
118s
platform
windows7_x64
resource
win7-20231215-en
resource tags

arch:x64arch:x86image:win7-20231215-enlocale:en-usos:windows7-x64system
submitted
04/01/2024, 06:59

Target

4032f09bd0a18aa13ce9cb38ea344169.dll
Size

319KB
MD5

4032f09bd0a18aa13ce9cb38ea344169
SHA1

691c4d0a78944aceb0680586a286281d1df4e33f
SHA256

45bf54c44b48fafd13a18e26b8f5f75ac9c926624f28acebb2b5a65604986c38
SHA512

e25d5e8c5e1263b5e96fe48a51fa2acf98f1ab41308de7e6142af7bb02dc5c6183504ae58e455a6a8bad1ae0bde6a8614245df39da193e79f3f8916b8d8b9f3e
SSDEEP

6144:0S/dOKZ0hsWv8iaWNLkMjDGPlYdf4UH5Lr48MExc4lcMKqdXD:0S0K+uzWJk1+Zv48MP4lJxz

Score

1^/10

Suspicious use of WriteProcessMemory 7 IoCs

description	pid	Process	procid_target
PID 1192 wrote to memory of 2500	1192	rundll32.exe	14
PID 1192 wrote to memory of 2500	1192	rundll32.exe	14
PID 1192 wrote to memory of 2500	1192	rundll32.exe	14
PID 1192 wrote to memory of 2500	1192	rundll32.exe	14
PID 1192 wrote to memory of 2500	1192	rundll32.exe	14
PID 1192 wrote to memory of 2500	1192	rundll32.exe	14
PID 1192 wrote to memory of 2500	1192	rundll32.exe	14

C:\Windows\SysWOW64\rundll32.exe
rundll32.exe C:\Users\Admin\AppData\Local\Temp\4032f09bd0a18aa13ce9cb38ea344169.dll,#1
1⤵
PID:2500

C:\Windows\system32\rundll32.exe
rundll32.exe C:\Users\Admin\AppData\Local\Temp\4032f09bd0a18aa13ce9cb38ea344169.dll,#1
1⤵
- Suspicious use of WriteProcessMemory
PID:1192