bf1dfa56817e8645aab3a787f60324a18607af743148e66ff0f6b3bf1513b907

Analysis

max time kernel
121s
max time network
125s
platform
windows7_x64
resource
win7-20231215-en
resource tags

arch:x64arch:x86image:win7-20231215-enlocale:en-usos:windows7-x64system
submitted
19-01-2024 12:55

Target

67ac108cb77b791aa3938c9ec341e14a.dll
Size

88KB
MD5

67ac108cb77b791aa3938c9ec341e14a
SHA1

2b120d255636528e29512f46126479d5d8ee53a8
SHA256

bf1dfa56817e8645aab3a787f60324a18607af743148e66ff0f6b3bf1513b907
SHA512

4d7fdb9da808bf2c4d91616f01ac649e4f9acc68d4a85b6f14bc4a6c93793010410964c9eabad216a69d56662b9c3a2a0468ddff821e7897b3e6f5ab25e4ec68
SSDEEP

1536:NjQ8TRxbC9uKc4s6RP0auQK8+4Vm+9F31SvgTB/8pr3I+2zokVobRGXR3HBHW/mB:NFRxbC9uKtsusbj4tTlSvgTB/or32zoE

Score

1^/10

Suspicious use of WriteProcessMemory 7 IoCs

description	pid	Process	procid_target
PID 2276 wrote to memory of 2240	2276	rundll32.exe	28
PID 2276 wrote to memory of 2240	2276	rundll32.exe	28
PID 2276 wrote to memory of 2240	2276	rundll32.exe	28
PID 2276 wrote to memory of 2240	2276	rundll32.exe	28
PID 2276 wrote to memory of 2240	2276	rundll32.exe	28
PID 2276 wrote to memory of 2240	2276	rundll32.exe	28
PID 2276 wrote to memory of 2240	2276	rundll32.exe	28

C:\Windows\system32\rundll32.exe
rundll32.exe C:\Users\Admin\AppData\Local\Temp\67ac108cb77b791aa3938c9ec341e14a.dll,#1
1⤵
- Suspicious use of WriteProcessMemory
PID:2276
- C:\Windows\SysWOW64\rundll32.exe
  rundll32.exe C:\Users\Admin\AppData\Local\Temp\67ac108cb77b791aa3938c9ec341e14a.dll,#1
  2⤵
  PID:2240

memory/2240-0-0x0000000010000000-0x000000001002B000-memory.dmp

Filesize
172KB

Download
memory/2240-1-0x0000000010000000-0x000000001002B000-memory.dmp

Filesize
172KB

Download
memory/2240-2-0x0000000010000000-0x000000001002B000-memory.dmp

Filesize
172KB

Download