e9aa4e460f9857dac26405ed0ed6fa17b34bfe2271d78a2ebf098999d72c8a76

Analysis

max time kernel
119s
max time network
128s
platform
windows7_x64
resource
win7-20231215-en
resource tags

arch:x64arch:x86image:win7-20231215-enlocale:en-usos:windows7-x64system
submitted
07/01/2024, 00:35

Target

4791f2c46b6c3ca832292c1bd3277a70.dll
Size

380KB
MD5

4791f2c46b6c3ca832292c1bd3277a70
SHA1

d701b809789d4a36e3bad81886f22565dbc5e6fb
SHA256

e9aa4e460f9857dac26405ed0ed6fa17b34bfe2271d78a2ebf098999d72c8a76
SHA512

e13b47f797590b58b3578f81820a7b9cdb097ce61fb729da232ae830cff8d1caec349cb65a8a6c814583b463f8efead989d18589066ba92f60788de861a44489
SSDEEP

3072:v50o2UhmShqhoNPtgNByvfJkSbjJsT10qVHBAhzO66W8FRP3W22LBxer2zc1N+2i:vSoQpXueNh0UMpdxerXzdzFhohi33o

Score

1^/10

Suspicious use of WriteProcessMemory 7 IoCs

description	pid	Process	procid_target
PID 2480 wrote to memory of 2520	2480	rundll32.exe	28
PID 2480 wrote to memory of 2520	2480	rundll32.exe	28
PID 2480 wrote to memory of 2520	2480	rundll32.exe	28
PID 2480 wrote to memory of 2520	2480	rundll32.exe	28
PID 2480 wrote to memory of 2520	2480	rundll32.exe	28
PID 2480 wrote to memory of 2520	2480	rundll32.exe	28
PID 2480 wrote to memory of 2520	2480	rundll32.exe	28

C:\Windows\system32\rundll32.exe
rundll32.exe C:\Users\Admin\AppData\Local\Temp\4791f2c46b6c3ca832292c1bd3277a70.dll,#1
1⤵
- Suspicious use of WriteProcessMemory
PID:2480
- C:\Windows\SysWOW64\rundll32.exe
  rundll32.exe C:\Users\Admin\AppData\Local\Temp\4791f2c46b6c3ca832292c1bd3277a70.dll,#1
  2⤵
  PID:2520