0a3bc15ceb80f700d80b7d651ff378cf407c239f3e513e3bc9bd854f82f7e22c

Analysis

max time kernel
120s
max time network
142s
platform
windows7_x64
resource
win7-20231215-en
resource tags

arch:x64arch:x86image:win7-20231215-enlocale:en-usos:windows7-x64system
submitted
06-01-2024 04:29

Target

454908e620c33ca3e631a6334e8b1ff1.dll
Size

544KB
MD5

454908e620c33ca3e631a6334e8b1ff1
SHA1

50f292391060ff4d772a4fd695f9eba8432a8fd8
SHA256

0a3bc15ceb80f700d80b7d651ff378cf407c239f3e513e3bc9bd854f82f7e22c
SHA512

0e3165221a8f751c2e54e40d5ffa2012b43535f19bf89a0d6b7f7ec287546e1312c6c43759bd2cc97ad4bc0e9fcc622dbc42b5c7a7f17f2794f1101607de6ca7
SSDEEP

12288:rqru80paIRPWxvFzhzFIko/IcYrIAfDE0cb1Yklllll/lllll7K10QUNI0H:rs0IIFWx9zlFIko/DY8kcbHlllll/llH

Score

1^/10

Suspicious use of WriteProcessMemory 7 IoCs

Processes:

rundll32.exe

description	pid	process	target process
PID 2776 wrote to memory of 2796	2776	rundll32.exe	rundll32.exe
PID 2776 wrote to memory of 2796	2776	rundll32.exe	rundll32.exe
PID 2776 wrote to memory of 2796	2776	rundll32.exe	rundll32.exe
PID 2776 wrote to memory of 2796	2776	rundll32.exe	rundll32.exe
PID 2776 wrote to memory of 2796	2776	rundll32.exe	rundll32.exe
PID 2776 wrote to memory of 2796	2776	rundll32.exe	rundll32.exe
PID 2776 wrote to memory of 2796	2776	rundll32.exe	rundll32.exe

C:\Windows\system32\rundll32.exe
rundll32.exe C:\Users\Admin\AppData\Local\Temp\454908e620c33ca3e631a6334e8b1ff1.dll,#1
1⤵
- Suspicious use of WriteProcessMemory
PID:2776

C:\Windows\SysWOW64\rundll32.exe
rundll32.exe C:\Users\Admin\AppData\Local\Temp\454908e620c33ca3e631a6334e8b1ff1.dll,#1
2⤵
PID:2796

memory/2796-0-0x0000000010000000-0x0000000010124000-memory.dmp

Filesize
1.1MB

Download
memory/2796-1-0x0000000000670000-0x0000000000671000-memory.dmp

Filesize
4KB

Download