42a0a77d26cf2e15e0273fdf7dcc749b8777801c913ed559660ecf99b02a51e7

Analysis

max time kernel
117s
max time network
117s
platform
windows7_x64
resource
win7-20231215-en
resource tags

arch:x64arch:x86image:win7-20231215-enlocale:en-usos:windows7-x64system
submitted
13/01/2024, 23:55

Target

59bcf3ffb7bb646d5daf4717886e0e53.dll
Size

156KB
MD5

59bcf3ffb7bb646d5daf4717886e0e53
SHA1

33ad373f7b25519db7924db899580abc77700d1e
SHA256

42a0a77d26cf2e15e0273fdf7dcc749b8777801c913ed559660ecf99b02a51e7
SHA512

444cc627e64380c4f7fe40051001063405468dbe2f484c7a11f11ab298f2395059edb3f89bb222d08fdcd8a8b0a47c5f18206d98a8506c4d1371bfc1ff762c6f
SSDEEP

3072:s1LE8flJGokCVARkV517lP2MbEdL8Rrpf30cIFxWSnbkbyPOUrMiPGp2G08zOlVE:7OG94517lOMEERNIFx2N2IzOlVqj

Score

1^/10

Suspicious use of WriteProcessMemory 7 IoCs

description	pid	Process	procid_target
PID 2928 wrote to memory of 1660	2928	rundll32.exe	28
PID 2928 wrote to memory of 1660	2928	rundll32.exe	28
PID 2928 wrote to memory of 1660	2928	rundll32.exe	28
PID 2928 wrote to memory of 1660	2928	rundll32.exe	28
PID 2928 wrote to memory of 1660	2928	rundll32.exe	28
PID 2928 wrote to memory of 1660	2928	rundll32.exe	28
PID 2928 wrote to memory of 1660	2928	rundll32.exe	28

C:\Windows\system32\rundll32.exe
rundll32.exe C:\Users\Admin\AppData\Local\Temp\59bcf3ffb7bb646d5daf4717886e0e53.dll,#1
1⤵
- Suspicious use of WriteProcessMemory
PID:2928
- C:\Windows\SysWOW64\rundll32.exe
  rundll32.exe C:\Users\Admin\AppData\Local\Temp\59bcf3ffb7bb646d5daf4717886e0e53.dll,#1
  2⤵
  PID:1660