181c4c6f3bd4197513f29d051386f57e2b7899a35cdefe66b48cc40fc5557aae

Analysis

max time kernel
62s
max time network
91s
platform
windows7_x64
resource
win7-20231215-en
resource tags

arch:x64arch:x86image:win7-20231215-enlocale:en-usos:windows7-x64system
submitted
05/01/2024, 07:39

Target

4320eedb550a6c2e88de1864332ec2e1.dll
Size

14KB
MD5

4320eedb550a6c2e88de1864332ec2e1
SHA1

211be7dc88f8db7f6dd6bfc1b855aa71895b8137
SHA256

181c4c6f3bd4197513f29d051386f57e2b7899a35cdefe66b48cc40fc5557aae
SHA512

6411a64c712eb603f39e41ebeb799b8fbb8c2a0e9b84c5aa461069aa2e4dc7970b8e2d8dcdacf209d85777b99160aa58a902f40d274b2f8725197f6d465eaa01
SSDEEP

192:bZXlQfsPDrIddZlG+ZSrJc6II3CD6mooBRKj85v/OIQkkNE+8hb6AyvWeck:VVdPfUZy3CD6LoBRfv/9WEd4eeck

Score

8^/10

Blocklisted process makes network request 2 IoCs

flow	pid	Process
2	2952	rundll32.exe
3	2952	rundll32.exe

Suspicious use of WriteProcessMemory 7 IoCs

description	pid	Process	procid_target
PID 2580 wrote to memory of 2952	2580	rundll32.exe	29
PID 2580 wrote to memory of 2952	2580	rundll32.exe	29
PID 2580 wrote to memory of 2952	2580	rundll32.exe	29
PID 2580 wrote to memory of 2952	2580	rundll32.exe	29
PID 2580 wrote to memory of 2952	2580	rundll32.exe	29
PID 2580 wrote to memory of 2952	2580	rundll32.exe	29
PID 2580 wrote to memory of 2952	2580	rundll32.exe	29

C:\Windows\system32\rundll32.exe
rundll32.exe C:\Users\Admin\AppData\Local\Temp\4320eedb550a6c2e88de1864332ec2e1.dll,#1
1⤵
- Suspicious use of WriteProcessMemory
PID:2580
- C:\Windows\SysWOW64\rundll32.exe
  rundll32.exe C:\Users\Admin\AppData\Local\Temp\4320eedb550a6c2e88de1864332ec2e1.dll,#1
  2⤵
  - Blocklisted process makes network request
  PID:2952