58ff38369d78eca50ac3c4b030e48c4c73e0edc4c576cd2a76886e5ecc9130cc

Analysis

max time kernel
119s
max time network
133s
platform
windows7_x64
resource
win7-20231215-en
resource tags

arch:x64arch:x86image:win7-20231215-enlocale:en-usos:windows7-x64system
submitted
08/01/2024, 11:46

Target

4b5899f87da26ca6dbe1b191f3b094fd.dll
Size

7.4MB
MD5

4b5899f87da26ca6dbe1b191f3b094fd
SHA1

9575d9726dbbe1109d4cf7d2ac69d41cd5f59e09
SHA256

58ff38369d78eca50ac3c4b030e48c4c73e0edc4c576cd2a76886e5ecc9130cc
SHA512

55ab1d07c822b610986df00cfffdb616106d4ba2f822ab062be85849764773adfe0bd0266971a0e83ebf6d34c8537e28909c6305ae6913251fe389ac7a29ea3e
SSDEEP

98304:o9i/f1/FjdMn9i/f1/FjdMj9i/f1/FjdMv9i/f1/FjdM:pf1/FG8f1/FGYf1/FGUf1/FG

Score

1^/10

Suspicious use of WriteProcessMemory 7 IoCs

description	pid	Process	procid_target
PID 2092 wrote to memory of 3052	2092	rundll32.exe	28
PID 2092 wrote to memory of 3052	2092	rundll32.exe	28
PID 2092 wrote to memory of 3052	2092	rundll32.exe	28
PID 2092 wrote to memory of 3052	2092	rundll32.exe	28
PID 2092 wrote to memory of 3052	2092	rundll32.exe	28
PID 2092 wrote to memory of 3052	2092	rundll32.exe	28
PID 2092 wrote to memory of 3052	2092	rundll32.exe	28

C:\Windows\system32\rundll32.exe
rundll32.exe C:\Users\Admin\AppData\Local\Temp\4b5899f87da26ca6dbe1b191f3b094fd.dll,#1
1⤵
- Suspicious use of WriteProcessMemory
PID:2092
- C:\Windows\SysWOW64\rundll32.exe
  rundll32.exe C:\Users\Admin\AppData\Local\Temp\4b5899f87da26ca6dbe1b191f3b094fd.dll,#1
  2⤵
  PID:3052