8684cde19eecfb0a5fd393d1129d8b3e6e60c4693d252e540d95d39148c1b04d

Analysis

max time kernel
121s
max time network
148s
platform
windows7_x64
resource
win7-20231215-en
resource tags

arch:x64arch:x86image:win7-20231215-enlocale:en-usos:windows7-x64system
submitted
07/01/2024, 11:55

Target

48e96b6e1eaf1d7dc815fcee08914306.dll
Size

5KB
MD5

48e96b6e1eaf1d7dc815fcee08914306
SHA1

85d81a7f29fef0a6fcaf1114151a199817f11821
SHA256

8684cde19eecfb0a5fd393d1129d8b3e6e60c4693d252e540d95d39148c1b04d
SHA512

f66ef73ad834ab84cb3dd25356aad0a1607ea82cf4dcbc23255092ebef799a1a47e4e9ea9184ffdddd64acbd0af8180d775f3b83f435b2ae5dad9edf6ee6541f
SSDEEP

96:LqKr/4G7/NzDiqIvKPBK9fKm4URci0tYih+et9fkgcwQwTpF:LqehZiHvKPBKN4ici0kejfkgUw9F

Score

1^/10

Suspicious use of WriteProcessMemory 7 IoCs

description	pid	Process	procid_target
PID 2348 wrote to memory of 2748	2348	rundll32.exe	29
PID 2348 wrote to memory of 2748	2348	rundll32.exe	29
PID 2348 wrote to memory of 2748	2348	rundll32.exe	29
PID 2348 wrote to memory of 2748	2348	rundll32.exe	29
PID 2348 wrote to memory of 2748	2348	rundll32.exe	29
PID 2348 wrote to memory of 2748	2348	rundll32.exe	29
PID 2348 wrote to memory of 2748	2348	rundll32.exe	29

C:\Windows\system32\rundll32.exe
rundll32.exe C:\Users\Admin\AppData\Local\Temp\48e96b6e1eaf1d7dc815fcee08914306.dll,#1
1⤵
- Suspicious use of WriteProcessMemory
PID:2348
- C:\Windows\SysWOW64\rundll32.exe
  rundll32.exe C:\Users\Admin\AppData\Local\Temp\48e96b6e1eaf1d7dc815fcee08914306.dll,#1
  2⤵
  PID:2748

memory/2748-0-0x0000000025000000-0x0000000025011000-memory.dmp

Filesize
68KB

Download