dc15aa9423268721f837773f5b0ea6f4e7622ac44e17ffeff6084e279ac306de

Analysis

max time kernel
118s
max time network
126s
platform
windows7_x64
resource
win7-20231215-en
resource tags

arch:x64arch:x86image:win7-20231215-enlocale:en-usos:windows7-x64system
submitted
12/01/2024, 13:38

Target

569b95c67f0094d11ed5a1a1e5f4e79d.dll
Size

14KB
MD5

569b95c67f0094d11ed5a1a1e5f4e79d
SHA1

2b0424fb865e9e9fee2af611feb80abd11e2fe00
SHA256

dc15aa9423268721f837773f5b0ea6f4e7622ac44e17ffeff6084e279ac306de
SHA512

2434062140da23def35643a27313a0f6622066f85a9a2ec6906803e5c48fc72078dd56ff0581470302d3a49e96005a310f7a29e0dfdb09bdc56561180a23d6c7
SSDEEP

384:45Fo790jdvYhS4eoxT68tK08HNzmpBHEVsv+ax:4HoB2dvYhS4eS62K08HN6pBHYgP

Score

1^/10

Suspicious use of WriteProcessMemory 7 IoCs

description	pid	Process	procid_target
PID 2844 wrote to memory of 2132	2844	rundll32.exe	28
PID 2844 wrote to memory of 2132	2844	rundll32.exe	28
PID 2844 wrote to memory of 2132	2844	rundll32.exe	28
PID 2844 wrote to memory of 2132	2844	rundll32.exe	28
PID 2844 wrote to memory of 2132	2844	rundll32.exe	28
PID 2844 wrote to memory of 2132	2844	rundll32.exe	28
PID 2844 wrote to memory of 2132	2844	rundll32.exe	28

C:\Windows\system32\rundll32.exe
rundll32.exe C:\Users\Admin\AppData\Local\Temp\569b95c67f0094d11ed5a1a1e5f4e79d.dll,#1
1⤵
- Suspicious use of WriteProcessMemory
PID:2844
- C:\Windows\SysWOW64\rundll32.exe
  rundll32.exe C:\Users\Admin\AppData\Local\Temp\569b95c67f0094d11ed5a1a1e5f4e79d.dll,#1
  2⤵
  PID:2132

memory/2132-0-0x0000000010000000-0x0000000010008000-memory.dmp

Filesize
32KB

Download