011af8372c10a904882b446dd8b200311d697031420bb25da10b9721900b681c

Analysis

max time kernel
122s
max time network
123s
platform
windows7_x64
resource
win7-20231215-en
resource tags

arch:x64arch:x86image:win7-20231215-enlocale:en-usos:windows7-x64system
submitted
10/01/2024, 10:34

Target

50539abe1256dfe3c21b34e39e2076fb.dll
Size

152KB
MD5

50539abe1256dfe3c21b34e39e2076fb
SHA1

3eab4b33d2f687f63380db179be9fa50ff43e9d3
SHA256

011af8372c10a904882b446dd8b200311d697031420bb25da10b9721900b681c
SHA512

8227c6db11317f3c27c2953e605ca6f9f540bb3eec157641c21eea6c40fb5ff8ea3f38c3997802473f18353ecc78d08a6477eb8d94f716fc2788f706f5d852c3
SSDEEP

3072:X0cGfVKTkdu+TwxL8dNN6yHQF8kOVniNllBAB1g7MweAVPtK5MEj4CYNZsE:XAfVKawqd7HQmdellBAB1ggweAhg5DUX

Score

1^/10

Suspicious use of WriteProcessMemory 7 IoCs

description	pid	Process	procid_target
PID 1988 wrote to memory of 3008	1988	rundll32.exe	16
PID 1988 wrote to memory of 3008	1988	rundll32.exe	16
PID 1988 wrote to memory of 3008	1988	rundll32.exe	16
PID 1988 wrote to memory of 3008	1988	rundll32.exe	16
PID 1988 wrote to memory of 3008	1988	rundll32.exe	16
PID 1988 wrote to memory of 3008	1988	rundll32.exe	16
PID 1988 wrote to memory of 3008	1988	rundll32.exe	16

C:\Windows\SysWOW64\rundll32.exe
rundll32.exe C:\Users\Admin\AppData\Local\Temp\50539abe1256dfe3c21b34e39e2076fb.dll,#1
1⤵
PID:3008

C:\Windows\system32\rundll32.exe
rundll32.exe C:\Users\Admin\AppData\Local\Temp\50539abe1256dfe3c21b34e39e2076fb.dll,#1
1⤵
- Suspicious use of WriteProcessMemory
PID:1988