5772716756babc089bfe4994941aaea7b47749c62653e174c807e182067ee7b9

Analysis

max time kernel
122s
max time network
123s
platform
windows7_x64
resource
win7-20231215-en
resource tags

arch:x64arch:x86image:win7-20231215-enlocale:en-usos:windows7-x64system
submitted
14-01-2024 07:58

Target

5ab5d1c4f6f4125f9038b4bb24d428ec.dll
Size

12KB
MD5

5ab5d1c4f6f4125f9038b4bb24d428ec
SHA1

cb910b4434c0a04b5670700e1c6a63c60bdd28ea
SHA256

5772716756babc089bfe4994941aaea7b47749c62653e174c807e182067ee7b9
SHA512

25864ff7ecacc73a5c2a64570eb111f73f40ba776665e9d591210228aaff9ed82af0ac2ddaba4e3c1dcf728c577c26af066c95556edcdeb4d2a7dd66b9bce479
SSDEEP

192:YbjRu+r0roaELJBQtjYNM/e4CNtVynKy5a4ytXHP8fPxO/Knskk+3g0qDUUHxv:A2HjQuClkK9kYBRv

Score

1^/10

Suspicious use of WriteProcessMemory 7 IoCs

description	pid	Process	procid_target
PID 2404 wrote to memory of 1948	2404	rundll32.exe	28
PID 2404 wrote to memory of 1948	2404	rundll32.exe	28
PID 2404 wrote to memory of 1948	2404	rundll32.exe	28
PID 2404 wrote to memory of 1948	2404	rundll32.exe	28
PID 2404 wrote to memory of 1948	2404	rundll32.exe	28
PID 2404 wrote to memory of 1948	2404	rundll32.exe	28
PID 2404 wrote to memory of 1948	2404	rundll32.exe	28

C:\Windows\system32\rundll32.exe
rundll32.exe C:\Users\Admin\AppData\Local\Temp\5ab5d1c4f6f4125f9038b4bb24d428ec.dll,#1
1⤵
- Suspicious use of WriteProcessMemory
PID:2404
- C:\Windows\SysWOW64\rundll32.exe
  rundll32.exe C:\Users\Admin\AppData\Local\Temp\5ab5d1c4f6f4125f9038b4bb24d428ec.dll,#1
  2⤵
  PID:1948