c26e35e2e04fd02dca61a8cf8982f08127cc1c09d7a09812f9a7d628cde052b9

Analysis

max time kernel
117s
max time network
122s
platform
windows7_x64
resource
win7-20231215-en
resource tags

arch:x64arch:x86image:win7-20231215-enlocale:en-usos:windows7-x64system
submitted
14/01/2024, 12:02

Target

5b30c1e9c5d4ea067b9fbaee0a1df7e4.dll
Size

318KB
MD5

5b30c1e9c5d4ea067b9fbaee0a1df7e4
SHA1

08162834c2e221f622e82669f4a62925ba989989
SHA256

c26e35e2e04fd02dca61a8cf8982f08127cc1c09d7a09812f9a7d628cde052b9
SHA512

e969bce536d4ce6368863cff1cfc1dbfe7eb484c7eb31ee7a59de34f84bc00533a8d37e9f48a9ec042eaebf83258431ccb606403350da89dd000c3d4075fa6ba
SSDEEP

6144:c5jnK3n3Dhpvv0ZPylfVIKqx3k/gH755nuAiPdrKIJf8CugqmksvNv/tAON82Iih:c5jnK3nThpvv0ZyVVId3k/GMN7NHyS8

Score

1^/10

Suspicious use of WriteProcessMemory 7 IoCs

description	pid	Process	procid_target
PID 3032 wrote to memory of 2484	3032	rundll32.exe	28
PID 3032 wrote to memory of 2484	3032	rundll32.exe	28
PID 3032 wrote to memory of 2484	3032	rundll32.exe	28
PID 3032 wrote to memory of 2484	3032	rundll32.exe	28
PID 3032 wrote to memory of 2484	3032	rundll32.exe	28
PID 3032 wrote to memory of 2484	3032	rundll32.exe	28
PID 3032 wrote to memory of 2484	3032	rundll32.exe	28

C:\Windows\system32\rundll32.exe
rundll32.exe C:\Users\Admin\AppData\Local\Temp\5b30c1e9c5d4ea067b9fbaee0a1df7e4.dll,#1
1⤵
- Suspicious use of WriteProcessMemory
PID:3032
- C:\Windows\SysWOW64\rundll32.exe
  rundll32.exe C:\Users\Admin\AppData\Local\Temp\5b30c1e9c5d4ea067b9fbaee0a1df7e4.dll,#1
  2⤵
  PID:2484

memory/2484-0-0x00000000000B0000-0x00000000000BB000-memory.dmp

Filesize
44KB

Download
memory/2484-1-0x0000000010000000-0x0000000010055000-memory.dmp

Filesize
340KB

Download