38d871ab2f66677316e790fa919b1586f73ff901581e4ca5f147dd465d90bcab

Analysis

max time kernel
122s
max time network
125s
platform
windows7_x64
resource
win7-20231215-en
resource tags

arch:x64arch:x86image:win7-20231215-enlocale:en-usos:windows7-x64system
submitted
18-01-2024 02:40

Target

6443d2e902b33ff21f2b7950917ea224.dll
Size

62KB
MD5

6443d2e902b33ff21f2b7950917ea224
SHA1

0ba20bbf684bb212857cc6ffe2579823c212da04
SHA256

38d871ab2f66677316e790fa919b1586f73ff901581e4ca5f147dd465d90bcab
SHA512

6d894de19ee309385f62fcec42fbe795081ad53445e5bbcc25a953c80ca1c67529490f77877cb538c3fcd8a9270b20b46c2c8a4d8017bddf8d4778d97ff6f898
SSDEEP

1536:ms4p4b+mZEHWa9HewG9ZEvLr/JgITvyl1SNHjwaY32+qy:v4MwBG9OvfBg2yl12Hi32+qy

Score

1^/10

Suspicious use of WriteProcessMemory 7 IoCs

description	pid	Process	procid_target
PID 1796 wrote to memory of 2188	1796	rundll32.exe	28
PID 1796 wrote to memory of 2188	1796	rundll32.exe	28
PID 1796 wrote to memory of 2188	1796	rundll32.exe	28
PID 1796 wrote to memory of 2188	1796	rundll32.exe	28
PID 1796 wrote to memory of 2188	1796	rundll32.exe	28
PID 1796 wrote to memory of 2188	1796	rundll32.exe	28
PID 1796 wrote to memory of 2188	1796	rundll32.exe	28

C:\Windows\system32\rundll32.exe
rundll32.exe C:\Users\Admin\AppData\Local\Temp\6443d2e902b33ff21f2b7950917ea224.dll,#1
1⤵
- Suspicious use of WriteProcessMemory
PID:1796
- C:\Windows\SysWOW64\rundll32.exe
  rundll32.exe C:\Users\Admin\AppData\Local\Temp\6443d2e902b33ff21f2b7950917ea224.dll,#1
  2⤵
  PID:2188

memory/2188-0-0x0000000010000000-0x000000001000D000-memory.dmp

Filesize
52KB

Download
memory/2188-1-0x00000000000B0000-0x00000000000B1000-memory.dmp

Filesize
4KB

Download