03fd98d8ce61ad6016d6e61afc2b766f6c60780b66d4995a2aca8bbebc152438

Analysis

max time kernel
118s
max time network
119s
platform
windows7_x64
resource
win7-20231129-en
resource tags

arch:x64arch:x86image:win7-20231129-enlocale:en-usos:windows7-x64system
submitted
13-01-2024 02:49

Target

57c946fc90fa6e8b36616e0999087c45.dll
Size

19KB
MD5

57c946fc90fa6e8b36616e0999087c45
SHA1

d4e3bae44293e70c5cce0c06bd2267e866480e10
SHA256

03fd98d8ce61ad6016d6e61afc2b766f6c60780b66d4995a2aca8bbebc152438
SHA512

17e0568e63d88abf5a8915f6c3db4870d0848e85a093127969840d92f87dfd11fdd4fcc3b092f4a7c5bd76e98c832b7de555f17ad2df2eb9df7bd5feab37cdf2
SSDEEP

192:njeCgZocf9LCyvyQP+2mFCXK2pwqCffMeUS5zA/O7pQ88bjGNuMmajPcNM5cFYZz:jeZZRvHWfZ5MG7pSktkP0zDWyTGkW

Score

1^/10

Suspicious use of WriteProcessMemory 7 IoCs

description	pid	Process	procid_target
PID 2332 wrote to memory of 1936	2332	rundll32.exe	28
PID 2332 wrote to memory of 1936	2332	rundll32.exe	28
PID 2332 wrote to memory of 1936	2332	rundll32.exe	28
PID 2332 wrote to memory of 1936	2332	rundll32.exe	28
PID 2332 wrote to memory of 1936	2332	rundll32.exe	28
PID 2332 wrote to memory of 1936	2332	rundll32.exe	28
PID 2332 wrote to memory of 1936	2332	rundll32.exe	28

C:\Windows\system32\rundll32.exe
rundll32.exe C:\Users\Admin\AppData\Local\Temp\57c946fc90fa6e8b36616e0999087c45.dll,#1
1⤵
- Suspicious use of WriteProcessMemory
PID:2332
- C:\Windows\SysWOW64\rundll32.exe
  rundll32.exe C:\Users\Admin\AppData\Local\Temp\57c946fc90fa6e8b36616e0999087c45.dll,#1
  2⤵
  PID:1936

memory/1936-0-0x00000000000C0000-0x00000000000D2000-memory.dmp

Filesize
72KB

Download
memory/1936-1-0x00000000000C0000-0x00000000000D2000-memory.dmp

Filesize
72KB

Download