9ceccfa46e05b5fcac1f2e70506d4ef4e3894b2dbac6262d69dd2c80bd727027

Analysis

max time kernel
118s
max time network
122s
platform
windows7_x64
resource
win7-20231215-en
resource tags

arch:x64arch:x86image:win7-20231215-enlocale:en-usos:windows7-x64system
submitted
19/01/2024, 14:25

Target

67d8c00f09043f84ab79b1850aa78e22.dll
Size

296KB
MD5

67d8c00f09043f84ab79b1850aa78e22
SHA1

50241d24e751105a8acaedf069a13c9f2d27df61
SHA256

9ceccfa46e05b5fcac1f2e70506d4ef4e3894b2dbac6262d69dd2c80bd727027
SHA512

34d6ff74ba4a8a2ba78956223c33d689e87b0a5cae4d1fc9fac24176bbacf047faf39579f805c1b9c6bddeeabf47f46d554dfe5892757b959bc610f26e6e18ee
SSDEEP

6144:PrBgLyuERC0g1q+Cx7OJedJCMff8zdbMVhpmBfO8nRbP18lu14cAkRTKYcj2:diynRDbxu8JCM30dMVhsfDbd8+Z02

Score

1^/10

Suspicious use of WriteProcessMemory 7 IoCs

description	pid	Process	procid_target
PID 1032 wrote to memory of 2932	1032	rundll32.exe	28
PID 1032 wrote to memory of 2932	1032	rundll32.exe	28
PID 1032 wrote to memory of 2932	1032	rundll32.exe	28
PID 1032 wrote to memory of 2932	1032	rundll32.exe	28
PID 1032 wrote to memory of 2932	1032	rundll32.exe	28
PID 1032 wrote to memory of 2932	1032	rundll32.exe	28
PID 1032 wrote to memory of 2932	1032	rundll32.exe	28

C:\Windows\system32\rundll32.exe
rundll32.exe C:\Users\Admin\AppData\Local\Temp\67d8c00f09043f84ab79b1850aa78e22.dll,#1
1⤵
- Suspicious use of WriteProcessMemory
PID:1032
- C:\Windows\SysWOW64\rundll32.exe
  rundll32.exe C:\Users\Admin\AppData\Local\Temp\67d8c00f09043f84ab79b1850aa78e22.dll,#1
  2⤵
  PID:2932

memory/2932-0-0x0000000010000000-0x000000001009E000-memory.dmp

Filesize
632KB

Download
memory/2932-1-0x0000000010000000-0x000000001009E000-memory.dmp

Filesize
632KB

Download
memory/2932-2-0x0000000010000000-0x000000001009E000-memory.dmp

Filesize
632KB

Download
memory/2932-3-0x00000000000B0000-0x00000000000B5000-memory.dmp

Filesize
20KB

Download