115aaf8823403ae5c858e76fc8f98dc8cfd9c9766e92a87ed8b5d64ecb64da7c

Analysis

max time kernel
117s
max time network
125s
platform
windows7_x64
resource
win7-20231215-en
resource tags

arch:x64arch:x86image:win7-20231215-enlocale:en-usos:windows7-x64system
submitted
11/01/2024, 00:02

Target

51fc987a2fdbd70eefde9413e936204d.dll
Size

136KB
MD5

51fc987a2fdbd70eefde9413e936204d
SHA1

538999f0ee5bf4bc0a786917e5075bdd20c512c6
SHA256

115aaf8823403ae5c858e76fc8f98dc8cfd9c9766e92a87ed8b5d64ecb64da7c
SHA512

6a442dd505f8d241876a5ecaf743f39735b2e3f963392839cc83cadb99c565b2d05ee1388144bfe40ae807eb2026dfcc1dcee6ee72f85966231c494d7e5cbf77
SSDEEP

1536:bB8oI7VeNzqrh28H16pNyyDIkGkXQjC+ncb65nsWjcdKgvJTzyP/yQ:bCN7VsV7NTAW+SKgvJTuP/J

Score

1^/10

Suspicious use of WriteProcessMemory 7 IoCs

description	pid	Process	procid_target
PID 3052 wrote to memory of 1164	3052	rundll32.exe	28
PID 3052 wrote to memory of 1164	3052	rundll32.exe	28
PID 3052 wrote to memory of 1164	3052	rundll32.exe	28
PID 3052 wrote to memory of 1164	3052	rundll32.exe	28
PID 3052 wrote to memory of 1164	3052	rundll32.exe	28
PID 3052 wrote to memory of 1164	3052	rundll32.exe	28
PID 3052 wrote to memory of 1164	3052	rundll32.exe	28

C:\Windows\system32\rundll32.exe
rundll32.exe C:\Users\Admin\AppData\Local\Temp\51fc987a2fdbd70eefde9413e936204d.dll,#1
1⤵
- Suspicious use of WriteProcessMemory
PID:3052
- C:\Windows\SysWOW64\rundll32.exe
  rundll32.exe C:\Users\Admin\AppData\Local\Temp\51fc987a2fdbd70eefde9413e936204d.dll,#1
  2⤵
  PID:1164