ecddcc098193b1c9da81454e25a9d34d9e7ac3e4882fb008756acb3d9889d8f4

Analysis

max time kernel
122s
max time network
135s
platform
windows7_x64
resource
win7-20231215-en
resource tags

arch:x64arch:x86image:win7-20231215-enlocale:en-usos:windows7-x64system
submitted
10/01/2024, 15:53

Target

50fc6241e3fbb15e0383b8072c28ad87.dll
Size

318KB
MD5

50fc6241e3fbb15e0383b8072c28ad87
SHA1

53d85cf93dddd91e8150b556822efe138ed69cae
SHA256

ecddcc098193b1c9da81454e25a9d34d9e7ac3e4882fb008756acb3d9889d8f4
SHA512

45a33da263e0f9ca52d9fc4e02147705714113dc3a37af9f0ff74037a546df8f2e11d1f1bee215792d0d9e3edbdb322fd9e16a69c52c9d4ac46d3dff35781eee
SSDEEP

6144:2rcAJ6BtNsQmbqr9kyFJ5QuWOzHtcCUcDiWPLYjFuLKKWQwsCchENz3Aw50K:2r56nGhqRkLOzNRUi7TmKnfhEawZ

Score

1^/10

Suspicious use of WriteProcessMemory 7 IoCs

description	pid	Process	procid_target
PID 2480 wrote to memory of 2896	2480	rundll32.exe	16
PID 2480 wrote to memory of 2896	2480	rundll32.exe	16
PID 2480 wrote to memory of 2896	2480	rundll32.exe	16
PID 2480 wrote to memory of 2896	2480	rundll32.exe	16
PID 2480 wrote to memory of 2896	2480	rundll32.exe	16
PID 2480 wrote to memory of 2896	2480	rundll32.exe	16
PID 2480 wrote to memory of 2896	2480	rundll32.exe	16

C:\Windows\system32\rundll32.exe
rundll32.exe C:\Users\Admin\AppData\Local\Temp\50fc6241e3fbb15e0383b8072c28ad87.dll,#1
1⤵
- Suspicious use of WriteProcessMemory
PID:2480
- C:\Windows\SysWOW64\rundll32.exe
  rundll32.exe C:\Users\Admin\AppData\Local\Temp\50fc6241e3fbb15e0383b8072c28ad87.dll,#1
  2⤵
  PID:2896