65ce04577281dd6a443f3cb1991299a9e56bad0e168d9a64d7b9e4209fcc8621

Analysis

max time kernel
122s
max time network
127s
platform
windows7_x64
resource
win7-20231215-en
resource tags

arch:x64arch:x86image:win7-20231215-enlocale:en-usos:windows7-x64system
submitted
13/01/2024, 02:14

Target

57b7f6918669542a0b87ef4391f003d9.dll
Size

319KB
MD5

57b7f6918669542a0b87ef4391f003d9
SHA1

d1bfcdd638912dfc935b1af02e57d598d9b56b5e
SHA256

65ce04577281dd6a443f3cb1991299a9e56bad0e168d9a64d7b9e4209fcc8621
SHA512

5e177b1ed545d70081914dbf3c1a788cb10f73afcd643ba7c28ce80a460a18a91915554f018aaef23d63acf5888615e91b98b335f4a57d8b53196cd18b6f3db3
SSDEEP

6144:keavMJezDG7J0yUb8AtsI+LvcHjbzzBWWBcCys52I6jIDavXg:J2MwzCFOBtQvmHzwScCII6UavXg

Score

1^/10

Suspicious use of WriteProcessMemory 7 IoCs

description	pid	Process	procid_target
PID 1948 wrote to memory of 2012	1948	rundll32.exe	14
PID 1948 wrote to memory of 2012	1948	rundll32.exe	14
PID 1948 wrote to memory of 2012	1948	rundll32.exe	14
PID 1948 wrote to memory of 2012	1948	rundll32.exe	14
PID 1948 wrote to memory of 2012	1948	rundll32.exe	14
PID 1948 wrote to memory of 2012	1948	rundll32.exe	14
PID 1948 wrote to memory of 2012	1948	rundll32.exe	14

C:\Windows\SysWOW64\rundll32.exe
rundll32.exe C:\Users\Admin\AppData\Local\Temp\57b7f6918669542a0b87ef4391f003d9.dll,#1
1⤵
PID:2012

C:\Windows\system32\rundll32.exe
rundll32.exe C:\Users\Admin\AppData\Local\Temp\57b7f6918669542a0b87ef4391f003d9.dll,#1
1⤵
- Suspicious use of WriteProcessMemory
PID:1948