d10af10bb1fef55e91b3f7bbb70192f309173af1c36246a3324bae78d4b582e9

Analysis

max time kernel
121s
max time network
125s
platform
windows7_x64
resource
win7-20231215-en
resource tags

arch:x64arch:x86image:win7-20231215-enlocale:en-usos:windows7-x64system
submitted
19/01/2024, 10:50 UTC

Target

676fae30544e680f959a7665d8773afa.dll
Size

175KB
MD5

676fae30544e680f959a7665d8773afa
SHA1

04c2e106ce2603ac954c5cf1ae812a5c4d952e2d
SHA256

d10af10bb1fef55e91b3f7bbb70192f309173af1c36246a3324bae78d4b582e9
SHA512

8f053985fe0f9764ba92cd4f98f9cf7e937abe734fe8d6f340ab973c2a69fe0e40c6193bba7ff850ff1694064a1bb0465610a7f7555fa40cefdf89c7b5e3d67b
SSDEEP

3072:ZDTeGF7Ms6wUDrhou9pFaN9tEowIzS8zlXZU54JZI6mM2U6k2X94hW2otKUgwXYN:8iMs6Bhouj/o1OA5ZUa8MX29vOUgwI

Score

1^/10

Suspicious use of WriteProcessMemory 7 IoCs

description	pid	Process	procid_target
PID 1616 wrote to memory of 1516	1616	rundll32.exe	28
PID 1616 wrote to memory of 1516	1616	rundll32.exe	28
PID 1616 wrote to memory of 1516	1616	rundll32.exe	28
PID 1616 wrote to memory of 1516	1616	rundll32.exe	28
PID 1616 wrote to memory of 1516	1616	rundll32.exe	28
PID 1616 wrote to memory of 1516	1616	rundll32.exe	28
PID 1616 wrote to memory of 1516	1616	rundll32.exe	28

C:\Windows\system32\rundll32.exe
rundll32.exe C:\Users\Admin\AppData\Local\Temp\676fae30544e680f959a7665d8773afa.dll,#1
1⤵
- Suspicious use of WriteProcessMemory
PID:1616
- C:\Windows\SysWOW64\rundll32.exe
  rundll32.exe C:\Users\Admin\AppData\Local\Temp\676fae30544e680f959a7665d8773afa.dll,#1
  2⤵
  PID:1516

memory/1516-1-0x0000000000120000-0x000000000012A000-memory.dmp

Filesize
40KB

Download
memory/1516-0-0x0000000010000000-0x0000000010037000-memory.dmp

Filesize
220KB

Download
memory/1516-5-0x0000000000120000-0x000000000012A000-memory.dmp

Filesize
40KB

Download
memory/1516-7-0x0000000010000000-0x0000000010037000-memory.dmp

Filesize
220KB

Download