f45f271b032f9fcd17ae8656b647b5b521ad4532fc42cb4d8b94f1029483eab3

Analysis

max time kernel
117s
max time network
118s
platform
windows7_x64
resource
win7-20231215-en
resource tags

arch:x64arch:x86image:win7-20231215-enlocale:en-usos:windows7-x64system
submitted
13/01/2024, 11:57

Target

58dca8f203130b3a3e36d5d4149c04af.dll
Size

144KB
MD5

58dca8f203130b3a3e36d5d4149c04af
SHA1

d4f7403fb584e0a01ad220d319b61a183946f55b
SHA256

f45f271b032f9fcd17ae8656b647b5b521ad4532fc42cb4d8b94f1029483eab3
SHA512

ed495528290d314910231b149baa26d043ad7498d581bcda2fb1c8f100c7c700c0fed4715317367848b097dd2c2dbc910b173c5bb3a022ec60db208e20a32d77
SSDEEP

1536:uIlL9T5Xx1ogKMvw5Br7KLKLI+Xe+QnyH4Cc0tR6nGVp/VTbkE0DJ4ZwmroVsW:7tvBOI+FQny5R6nG//SdaZwmssW

Score

1^/10

Suspicious use of WriteProcessMemory 7 IoCs

description	pid	Process	procid_target
PID 2148 wrote to memory of 3048	2148	rundll32.exe	28
PID 2148 wrote to memory of 3048	2148	rundll32.exe	28
PID 2148 wrote to memory of 3048	2148	rundll32.exe	28
PID 2148 wrote to memory of 3048	2148	rundll32.exe	28
PID 2148 wrote to memory of 3048	2148	rundll32.exe	28
PID 2148 wrote to memory of 3048	2148	rundll32.exe	28
PID 2148 wrote to memory of 3048	2148	rundll32.exe	28

C:\Windows\system32\rundll32.exe
rundll32.exe C:\Users\Admin\AppData\Local\Temp\58dca8f203130b3a3e36d5d4149c04af.dll,#1
1⤵
- Suspicious use of WriteProcessMemory
PID:2148
- C:\Windows\SysWOW64\rundll32.exe
  rundll32.exe C:\Users\Admin\AppData\Local\Temp\58dca8f203130b3a3e36d5d4149c04af.dll,#1
  2⤵
  PID:3048

memory/3048-0-0x000000007C120000-0x000000007C148000-memory.dmp

Filesize
160KB

Download