8e6bea57c4198743a00c3701c07109e45b1eae466466e3bd4e4201e9ca01cc65

Analysis

max time kernel
117s
max time network
117s
platform
windows7_x64
resource
win7-20231129-en
resource tags

arch:x64arch:x86image:win7-20231129-enlocale:en-usos:windows7-x64system
submitted
14-01-2024 05:11

Target

5a5dde7b26ff91aef0dc1528a839b3cb.dll
Size

25KB
MD5

5a5dde7b26ff91aef0dc1528a839b3cb
SHA1

fb17354ef4055c188282d66c89cebddb261e7f16
SHA256

8e6bea57c4198743a00c3701c07109e45b1eae466466e3bd4e4201e9ca01cc65
SHA512

fe32f0efbb19b57aba407f5273168e1175babefe307bf8ebbd6f2edfa812dc971eece5ba623a0899c81bcea4206b4dc25542f1e3f06f68939b29c8d6a257cc25
SSDEEP

384:AuBKxYsH8/hjkY4kZNMOD/UY+6tGA9afV9UVoSX2M/JsAwV2a2XWJCxE:BBBjBHjD/Uz6hy9UBs7V2Rmp

Score

1^/10

Suspicious use of WriteProcessMemory 7 IoCs

description	pid	Process	procid_target
PID 1704 wrote to memory of 2128	1704	rundll32.exe	22
PID 1704 wrote to memory of 2128	1704	rundll32.exe	22
PID 1704 wrote to memory of 2128	1704	rundll32.exe	22
PID 1704 wrote to memory of 2128	1704	rundll32.exe	22
PID 1704 wrote to memory of 2128	1704	rundll32.exe	22
PID 1704 wrote to memory of 2128	1704	rundll32.exe	22
PID 1704 wrote to memory of 2128	1704	rundll32.exe	22

C:\Windows\system32\rundll32.exe
rundll32.exe C:\Users\Admin\AppData\Local\Temp\5a5dde7b26ff91aef0dc1528a839b3cb.dll,#1
1⤵
- Suspicious use of WriteProcessMemory
PID:1704
- C:\Windows\SysWOW64\rundll32.exe
  rundll32.exe C:\Users\Admin\AppData\Local\Temp\5a5dde7b26ff91aef0dc1528a839b3cb.dll,#1
  2⤵
  PID:2128