d4a1016078a34ae5391b45f059d00c9ecc9f5413a5aed76cc7b9098544379734

Analysis

max time kernel
118s
max time network
119s
platform
windows7_x64
resource
win7-20231129-en
resource tags

arch:x64arch:x86image:win7-20231129-enlocale:en-usos:windows7-x64system
submitted
19/01/2024, 10:42

Target

676abb71a2ecf04669c1c7121b4faf76.dll
Size

12KB
MD5

676abb71a2ecf04669c1c7121b4faf76
SHA1

69a6f2f3cf3d82ab10c49c66f8786ef83be27fcf
SHA256

d4a1016078a34ae5391b45f059d00c9ecc9f5413a5aed76cc7b9098544379734
SHA512

e7e8de15d3ce04edc269afae614bf51cc57d5af5fe1c20cc3d985eaf2a64b0a08f0e0c1c9f72126b32b514d7233997cc0e317210f149c7c1441490c67b63897d
SSDEEP

192:cKBV9TFtPGHtDxCzqLBUMIIxtqGE5YldRH+rkWxpBnHk7reWGW37frR:cKr9LPGBUMPDcWdd9IpBniyWGW37d

Score

1^/10

Suspicious use of WriteProcessMemory 7 IoCs

description	pid	Process	procid_target
PID 1256 wrote to memory of 2344	1256	rundll32.exe	28
PID 1256 wrote to memory of 2344	1256	rundll32.exe	28
PID 1256 wrote to memory of 2344	1256	rundll32.exe	28
PID 1256 wrote to memory of 2344	1256	rundll32.exe	28
PID 1256 wrote to memory of 2344	1256	rundll32.exe	28
PID 1256 wrote to memory of 2344	1256	rundll32.exe	28
PID 1256 wrote to memory of 2344	1256	rundll32.exe	28

C:\Windows\system32\rundll32.exe
rundll32.exe C:\Users\Admin\AppData\Local\Temp\676abb71a2ecf04669c1c7121b4faf76.dll,#1
1⤵
- Suspicious use of WriteProcessMemory
PID:1256
- C:\Windows\SysWOW64\rundll32.exe
  rundll32.exe C:\Users\Admin\AppData\Local\Temp\676abb71a2ecf04669c1c7121b4faf76.dll,#1
  2⤵
  PID:2344

memory/2344-0-0x00000000001C0000-0x00000000001C6000-memory.dmp

Filesize
24KB

Download