88582df9685d31e84d3112c01469b447add7d74e149636b936ed2f5703083d4f

Analysis

max time kernel
122s
max time network
126s
platform
windows7_x64
resource
win7-20231215-en
resource tags

arch:x64arch:x86image:win7-20231215-enlocale:en-usos:windows7-x64system
submitted
14/01/2024, 00:42

Target

59d567e926be03afaa6ebeece1c6fbda.dll
Size

12KB
MD5

59d567e926be03afaa6ebeece1c6fbda
SHA1

62d8e0808c0db1e0b555f4e35d09018f18ac32b6
SHA256

88582df9685d31e84d3112c01469b447add7d74e149636b936ed2f5703083d4f
SHA512

2e32f11b2f02c620b33865b07f4adbfdf2795f412b1ff91e3769587df70709e1f027a27e6ccb1b14b80c745f860b9024821c42b47ff7578a39affbae0809493d
SSDEEP

192:n9ppMd/nIRIC8Kx410X8Z5yy05jb8XzScYL6UDOBXYtJ0TpH0Myeqk:nJMd/Avx41KFyu8Hw620x0Mp

Score

1^/10

Suspicious use of WriteProcessMemory 7 IoCs

description	pid	Process	procid_target
PID 2432 wrote to memory of 2336	2432	rundll32.exe	28
PID 2432 wrote to memory of 2336	2432	rundll32.exe	28
PID 2432 wrote to memory of 2336	2432	rundll32.exe	28
PID 2432 wrote to memory of 2336	2432	rundll32.exe	28
PID 2432 wrote to memory of 2336	2432	rundll32.exe	28
PID 2432 wrote to memory of 2336	2432	rundll32.exe	28
PID 2432 wrote to memory of 2336	2432	rundll32.exe	28

C:\Windows\system32\rundll32.exe
rundll32.exe C:\Users\Admin\AppData\Local\Temp\59d567e926be03afaa6ebeece1c6fbda.dll,#1
1⤵
- Suspicious use of WriteProcessMemory
PID:2432
- C:\Windows\SysWOW64\rundll32.exe
  rundll32.exe C:\Users\Admin\AppData\Local\Temp\59d567e926be03afaa6ebeece1c6fbda.dll,#1
  2⤵
  PID:2336

memory/2336-0-0x0000000010000000-0x000000001006C000-memory.dmp

Filesize
432KB

Download