f01c43559748ac819c4f364fb0fd1ba94ff9e43653b1b0bff38185aaaff90cc2

Analysis

max time kernel
118s
max time network
123s
platform
windows7_x64
resource
win7-20231215-en
resource tags

arch:x64arch:x86image:win7-20231215-enlocale:en-usos:windows7-x64system
submitted
10-01-2024 11:11

Target

50674617b4dd1c722a5e9e7723113ba2.dll
Size

666KB
MD5

50674617b4dd1c722a5e9e7723113ba2
SHA1

19ebaf67182af04c0ea43bb44bb4cf7dd4ec1746
SHA256

f01c43559748ac819c4f364fb0fd1ba94ff9e43653b1b0bff38185aaaff90cc2
SHA512

e48520a0efe9195e7f6b33a0d76306501cfc64ef72d2c8a40ee1c696a7b156618475e36c89105d9c58e6a33976958540dac5c73f51859b3a25187bd36b28fb9c
SSDEEP

12288:yCC33ug45I8jWtJ83mfmHp6qpWnPD5gYiSLCMylysV0g900Ab69mXzHt64:4ug4ktWvJ6q8PD5hi9MylX0g9piB

Score

1^/10

Suspicious use of WriteProcessMemory 7 IoCs

description	pid	Process	procid_target
PID 1628 wrote to memory of 2436	1628	rundll32.exe	28
PID 1628 wrote to memory of 2436	1628	rundll32.exe	28
PID 1628 wrote to memory of 2436	1628	rundll32.exe	28
PID 1628 wrote to memory of 2436	1628	rundll32.exe	28
PID 1628 wrote to memory of 2436	1628	rundll32.exe	28
PID 1628 wrote to memory of 2436	1628	rundll32.exe	28
PID 1628 wrote to memory of 2436	1628	rundll32.exe	28

C:\Windows\system32\rundll32.exe
rundll32.exe C:\Users\Admin\AppData\Local\Temp\50674617b4dd1c722a5e9e7723113ba2.dll,#1
1⤵
- Suspicious use of WriteProcessMemory
PID:1628
- C:\Windows\SysWOW64\rundll32.exe
  rundll32.exe C:\Users\Admin\AppData\Local\Temp\50674617b4dd1c722a5e9e7723113ba2.dll,#1
  2⤵
  PID:2436

memory/2436-0-0x0000000074310000-0x000000007467D000-memory.dmp

Filesize
3.4MB

Download