2fe56bf9744e34ea420505c18bcbc238679d324853928e8bfc593c993b2d30bd

Analysis

max time kernel
119s
max time network
120s
platform
windows7_x64
resource
win7-20231215-en
resource tags

arch:x64arch:x86image:win7-20231215-enlocale:en-usos:windows7-x64system
submitted
11-01-2024 11:49

Target

536fcd477cd3d59c549ad55b6231e4d4.dll
Size

7KB
MD5

536fcd477cd3d59c549ad55b6231e4d4
SHA1

fbe61dba6573c282683508103124e785ab8cbc24
SHA256

2fe56bf9744e34ea420505c18bcbc238679d324853928e8bfc593c993b2d30bd
SHA512

aae216f99a160d17482b9621a1d7e6a7a40b29b401f2d9e05bad87bac8a95ee5472eef30e90b9bb5445a6562f322a50018b51f8c75256b4edab552127c9a5c46
SSDEEP

48:66ay5YVO3EVkApc2wp8hH1NZn5EquglQ067YbPW+PbABbgL3q9J5S2hmc:b3EVkApcX4Hiv0hbPHUq3qX5S2hV

Score

1^/10

Suspicious use of WriteProcessMemory 7 IoCs

description	pid	Process	procid_target
PID 2080 wrote to memory of 2144	2080	rundll32.exe	28
PID 2080 wrote to memory of 2144	2080	rundll32.exe	28
PID 2080 wrote to memory of 2144	2080	rundll32.exe	28
PID 2080 wrote to memory of 2144	2080	rundll32.exe	28
PID 2080 wrote to memory of 2144	2080	rundll32.exe	28
PID 2080 wrote to memory of 2144	2080	rundll32.exe	28
PID 2080 wrote to memory of 2144	2080	rundll32.exe	28

C:\Windows\system32\rundll32.exe
rundll32.exe C:\Users\Admin\AppData\Local\Temp\536fcd477cd3d59c549ad55b6231e4d4.dll,#1
1⤵
- Suspicious use of WriteProcessMemory
PID:2080
- C:\Windows\SysWOW64\rundll32.exe
  rundll32.exe C:\Users\Admin\AppData\Local\Temp\536fcd477cd3d59c549ad55b6231e4d4.dll,#1
  2⤵
  PID:2144