670c113e8204f21ea3ec142041f46213bf03e8f747296b8edcc445e8f9def5c3

Analysis

max time kernel
121s
max time network
122s
platform
windows7_x64
resource
win7-20231129-en
resource tags

arch:x64arch:x86image:win7-20231129-enlocale:en-usos:windows7-x64system
submitted
09/01/2024, 09:05

Target

4de7e6e3b9738bf727b27f84f9075696.dll
Size

29KB
MD5

4de7e6e3b9738bf727b27f84f9075696
SHA1

961f99584dd3db6914462b386bd71163b1870ba9
SHA256

670c113e8204f21ea3ec142041f46213bf03e8f747296b8edcc445e8f9def5c3
SHA512

2128225132855239fc75d6ad5097511e5cba4bc9cdcb7afba456e9149225412ab678f7df645d8667cb8ef69badeb47290797419bf3aaa29b09621714b8cceec9
SSDEEP

192:6c+ww1b4KcJMkWtjelWhOSxC+ebCf3EkQpkqs1IPMyowJL/N1Gbs:mb4XBWtilWJx0bCf1qMYJL6o

Score

1^/10

Suspicious use of WriteProcessMemory 7 IoCs

description	pid	Process	procid_target
PID 2416 wrote to memory of 2940	2416	rundll32.exe	28
PID 2416 wrote to memory of 2940	2416	rundll32.exe	28
PID 2416 wrote to memory of 2940	2416	rundll32.exe	28
PID 2416 wrote to memory of 2940	2416	rundll32.exe	28
PID 2416 wrote to memory of 2940	2416	rundll32.exe	28
PID 2416 wrote to memory of 2940	2416	rundll32.exe	28
PID 2416 wrote to memory of 2940	2416	rundll32.exe	28

C:\Windows\system32\rundll32.exe
rundll32.exe C:\Users\Admin\AppData\Local\Temp\4de7e6e3b9738bf727b27f84f9075696.dll,#1
1⤵
- Suspicious use of WriteProcessMemory
PID:2416
- C:\Windows\SysWOW64\rundll32.exe
  rundll32.exe C:\Users\Admin\AppData\Local\Temp\4de7e6e3b9738bf727b27f84f9075696.dll,#1
  2⤵
  PID:2940