c30423b4f338b6ca7952263925127a322447fa985ddbe7afce38960589629c6b

Analysis

max time kernel
119s
max time network
124s
platform
windows7_x64
resource
win7-20231215-en
resource tags

arch:x64arch:x86image:win7-20231215-enlocale:en-usos:windows7-x64system
submitted
12/01/2024, 03:22

Target

5559894c98a8ef4e42d68449b748424b.dll
Size

242KB
MD5

5559894c98a8ef4e42d68449b748424b
SHA1

e79c4e1f78d1567d0b17ce15a21c6efd4735dcbb
SHA256

c30423b4f338b6ca7952263925127a322447fa985ddbe7afce38960589629c6b
SHA512

500673780122bae8853b3eeef71b189a62d6ac0c5565c71f9e427b64cc770fd6574f8bf3e41651582cc6efe6b37a517b4f27678f25cb64b5a2e809bca2ad9a76
SSDEEP

3072:TVeqvNOeFgxZ9DVVtRBy/EeDXnT8YnT8YnT8uVeqvNOeFgxZ9DVVtRBy/EeDQ:YmkL9DVgBnnMmkL9DVgq

Score

1^/10

Suspicious use of WriteProcessMemory 7 IoCs

description	pid	Process	procid_target
PID 1452 wrote to memory of 1948	1452	rundll32.exe	28
PID 1452 wrote to memory of 1948	1452	rundll32.exe	28
PID 1452 wrote to memory of 1948	1452	rundll32.exe	28
PID 1452 wrote to memory of 1948	1452	rundll32.exe	28
PID 1452 wrote to memory of 1948	1452	rundll32.exe	28
PID 1452 wrote to memory of 1948	1452	rundll32.exe	28
PID 1452 wrote to memory of 1948	1452	rundll32.exe	28

C:\Windows\system32\rundll32.exe
rundll32.exe C:\Users\Admin\AppData\Local\Temp\5559894c98a8ef4e42d68449b748424b.dll,#1
1⤵
- Suspicious use of WriteProcessMemory
PID:1452
- C:\Windows\SysWOW64\rundll32.exe
  rundll32.exe C:\Users\Admin\AppData\Local\Temp\5559894c98a8ef4e42d68449b748424b.dll,#1
  2⤵
  PID:1948

memory/1948-0-0x0000000000130000-0x0000000000146000-memory.dmp

Filesize
88KB

Download