9845468ace910e3b5141fd0a9709f6acdb0923fa99a6410de8e116cc06b82019

Analysis

max time kernel
120s
max time network
121s
platform
windows7_x64
resource
win7-20231129-en
resource tags

arch:x64arch:x86image:win7-20231129-enlocale:en-usos:windows7-x64system
submitted
08/01/2024, 21:15

Target

4c79118321fc3e1cad8b907ac5bc7f10.dll
Size

339KB
MD5

4c79118321fc3e1cad8b907ac5bc7f10
SHA1

5e778fceca03902df084871b87f267c07a04c2e4
SHA256

9845468ace910e3b5141fd0a9709f6acdb0923fa99a6410de8e116cc06b82019
SHA512

4e7252dc32059eee59dfc7e89f6ae645c0b020d9ebbdf5d620f3cf29c22b82a8fba16a8ef9f5f72b06a4ee42588b2aec8cad38fa4c2e8d15b624c12c0c9331a5
SSDEEP

6144:G2PTW8aPCYD1ALcHjVi8TcDRSCzpGCoaAzEJOrDrwqVKH8rrETBNpWt:PHaPCYD1A4DQlDBcKOrvxKH8nETo

Score

1^/10

Suspicious use of WriteProcessMemory 7 IoCs

description	pid	Process	procid_target
PID 2936 wrote to memory of 2948	2936	rundll32.exe	16
PID 2936 wrote to memory of 2948	2936	rundll32.exe	16
PID 2936 wrote to memory of 2948	2936	rundll32.exe	16
PID 2936 wrote to memory of 2948	2936	rundll32.exe	16
PID 2936 wrote to memory of 2948	2936	rundll32.exe	16
PID 2936 wrote to memory of 2948	2936	rundll32.exe	16
PID 2936 wrote to memory of 2948	2936	rundll32.exe	16

C:\Windows\system32\rundll32.exe
rundll32.exe C:\Users\Admin\AppData\Local\Temp\4c79118321fc3e1cad8b907ac5bc7f10.dll,#1
1⤵
- Suspicious use of WriteProcessMemory
PID:2936
- C:\Windows\SysWOW64\rundll32.exe
  rundll32.exe C:\Users\Admin\AppData\Local\Temp\4c79118321fc3e1cad8b907ac5bc7f10.dll,#1
  2⤵
  PID:2948

memory/2948-0-0x00000000002C0000-0x000000000031A000-memory.dmp

Filesize
360KB

Download
memory/2948-1-0x00000000002C0000-0x000000000031A000-memory.dmp

Filesize
360KB

Download