d49117311672c1c3a3c542769fb0276989401de5833ac62be15493df8b5124d4

Analysis

max time kernel
120s
max time network
143s
platform
windows7_x64
resource
win7-20231215-en
resource tags

arch:x64arch:x86image:win7-20231215-enlocale:en-usos:windows7-x64system
submitted
05/01/2024, 13:18

Target

43c80ef42d58cc3bade231070ac37ee4.dll
Size

69KB
MD5

43c80ef42d58cc3bade231070ac37ee4
SHA1

37caefe29569d2ca004e1122aa38fc7c7f7576bf
SHA256

d49117311672c1c3a3c542769fb0276989401de5833ac62be15493df8b5124d4
SHA512

7e5a015e5c8df19256468876b3d02b2ccb8aa577f788a0043b4e6126228a8c8077aa88ffa142b10fb766919464d55cf4581f76c8464f4d87dbacb7b444313c89
SSDEEP

1536:ehbTMVLqzS3zKlkR528RTxBQFA1MgkuiCmGOGlcvL:eh8Vb3OlkbTPQS1zniUO7L

Score

1^/10

Suspicious use of WriteProcessMemory 7 IoCs

description	pid	Process	procid_target
PID 1928 wrote to memory of 1444	1928	rundll32.exe	29
PID 1928 wrote to memory of 1444	1928	rundll32.exe	29
PID 1928 wrote to memory of 1444	1928	rundll32.exe	29
PID 1928 wrote to memory of 1444	1928	rundll32.exe	29
PID 1928 wrote to memory of 1444	1928	rundll32.exe	29
PID 1928 wrote to memory of 1444	1928	rundll32.exe	29
PID 1928 wrote to memory of 1444	1928	rundll32.exe	29

C:\Windows\system32\rundll32.exe
rundll32.exe C:\Users\Admin\AppData\Local\Temp\43c80ef42d58cc3bade231070ac37ee4.dll,#1
1⤵
- Suspicious use of WriteProcessMemory
PID:1928
- C:\Windows\SysWOW64\rundll32.exe
  rundll32.exe C:\Users\Admin\AppData\Local\Temp\43c80ef42d58cc3bade231070ac37ee4.dll,#1
  2⤵
  PID:1444

memory/1444-0-0x0000000010000000-0x0000000010017000-memory.dmp

Filesize
92KB

Download
memory/1444-1-0x0000000010000000-0x0000000010017000-memory.dmp

Filesize
92KB

Download
memory/1444-2-0x0000000010000000-0x0000000010017000-memory.dmp

Filesize
92KB

Download
memory/1444-3-0x0000000010000000-0x0000000010017000-memory.dmp

Filesize
92KB

Download