20b0243a87dd4cad58d7559ca2252e79628abec1c08b3f298c67f19581539857

Analysis

max time kernel
119s
max time network
120s
platform
windows7_x64
resource
win7-20231129-en
resource tags

arch:x64arch:x86image:win7-20231129-enlocale:en-usos:windows7-x64system
submitted
06-01-2024 00:04

Target

44c6dd2447a44aad9664f3d3cbc591b2.dll
Size

32KB
MD5

44c6dd2447a44aad9664f3d3cbc591b2
SHA1

829f59196445e46afe7485f57dbc7d2ee862db1d
SHA256

20b0243a87dd4cad58d7559ca2252e79628abec1c08b3f298c67f19581539857
SHA512

023cda598e951212756adad87b5ba686e8877125ddb61d1054fb0bff88d03c762886d47fbabc495cdfa7a9822002c667efb1eb25ade8a0fcb80fb3b058569cc7
SSDEEP

768:THeHqE1szLLkodKZvzaT/qd9jmXB5cRhdvrn8ELt2ds5i/VaQ5hn5qNcu:aHqE1sEvV/6sdzRZ2ds5i95hcNcu

Score

1^/10

Suspicious use of WriteProcessMemory 7 IoCs

description	pid	Process	procid_target
PID 2156 wrote to memory of 3020	2156	rundll32.exe	15
PID 2156 wrote to memory of 3020	2156	rundll32.exe	15
PID 2156 wrote to memory of 3020	2156	rundll32.exe	15
PID 2156 wrote to memory of 3020	2156	rundll32.exe	15
PID 2156 wrote to memory of 3020	2156	rundll32.exe	15
PID 2156 wrote to memory of 3020	2156	rundll32.exe	15
PID 2156 wrote to memory of 3020	2156	rundll32.exe	15

C:\Windows\SysWOW64\rundll32.exe
rundll32.exe C:\Users\Admin\AppData\Local\Temp\44c6dd2447a44aad9664f3d3cbc591b2.dll,#1
1⤵
PID:3020

C:\Windows\system32\rundll32.exe
rundll32.exe C:\Users\Admin\AppData\Local\Temp\44c6dd2447a44aad9664f3d3cbc591b2.dll,#1
1⤵
- Suspicious use of WriteProcessMemory
PID:2156

memory/3020-0-0x0000000000170000-0x0000000000182000-memory.dmp

Filesize
72KB

Download