a93d5267e7602eb38219dddcd615d8788a28507edea7bd8c078200239f912008

Analysis

max time kernel
122s
max time network
123s
platform
windows7_x64
resource
win7-20231129-en
resource tags

arch:x64arch:x86image:win7-20231129-enlocale:en-usos:windows7-x64system
submitted
07/01/2024, 14:51

Target

4947a91a6d94e3db3c9848c36c81823c.dll
Size

46KB
MD5

4947a91a6d94e3db3c9848c36c81823c
SHA1

acf976d60a3094ffed67692482438f16a6a54c9e
SHA256

a93d5267e7602eb38219dddcd615d8788a28507edea7bd8c078200239f912008
SHA512

981fa47ee01208986b69af5f87096ad78b4faafa337904987f5dda456ef48ec463187ce99a58082a5552657b4d837d339c8d8b59d2002755d3888c0196c914a3
SSDEEP

768:VCjCjl/O8pWArR3OU0Ps154ZMUzecugVzgnb1UmrmAV9vqfvhC5oMfm2284B0Xcf:V5jl/O8pXR3SPs6MUeLgsb1UHAVNuv0E

Score

1^/10

Suspicious use of WriteProcessMemory 7 IoCs

description	pid	Process	procid_target
PID 3040 wrote to memory of 2140	3040	rundll32.exe	14
PID 3040 wrote to memory of 2140	3040	rundll32.exe	14
PID 3040 wrote to memory of 2140	3040	rundll32.exe	14
PID 3040 wrote to memory of 2140	3040	rundll32.exe	14
PID 3040 wrote to memory of 2140	3040	rundll32.exe	14
PID 3040 wrote to memory of 2140	3040	rundll32.exe	14
PID 3040 wrote to memory of 2140	3040	rundll32.exe	14

C:\Windows\system32\rundll32.exe
rundll32.exe C:\Users\Admin\AppData\Local\Temp\4947a91a6d94e3db3c9848c36c81823c.dll,#1
1⤵
- Suspicious use of WriteProcessMemory
PID:3040
- C:\Windows\SysWOW64\rundll32.exe
  rundll32.exe C:\Users\Admin\AppData\Local\Temp\4947a91a6d94e3db3c9848c36c81823c.dll,#1
  2⤵
  PID:2140