96ccf04bd84f96359a2876d3204697ce5aa20dbb62365fa17d265511d6f7c9a6

Analysis

max time kernel
119s
max time network
119s
platform
windows7_x64
resource
win7-20231215-en
resource tags

arch:x64arch:x86image:win7-20231215-enlocale:en-usos:windows7-x64system
submitted
19-01-2024 17:41

Target

683dd6fbc6c86b24863d2a54016fb94f.dll
Size

106KB
MD5

683dd6fbc6c86b24863d2a54016fb94f
SHA1

0f9c319a5c4c9c91310113af221a8777064d4fae
SHA256

96ccf04bd84f96359a2876d3204697ce5aa20dbb62365fa17d265511d6f7c9a6
SHA512

ddbebc08e879780811604d9a3b9df9664cda8ad6971a0faee50b9c81323449040089a7664737bee339a381ff2f152ec7420355984216316dd5c0ea4bf6496b4d
SSDEEP

3072:kajVVWR9a39WuNN26E0Rc8pusobWKQh+srJ1gkip6jby88:lVMHiN24Xuj5QQ8JmY8

Score

1^/10

Suspicious use of WriteProcessMemory 7 IoCs

description	pid	Process	procid_target
PID 2080 wrote to memory of 2144	2080	rundll32.exe	16
PID 2080 wrote to memory of 2144	2080	rundll32.exe	16
PID 2080 wrote to memory of 2144	2080	rundll32.exe	16
PID 2080 wrote to memory of 2144	2080	rundll32.exe	16
PID 2080 wrote to memory of 2144	2080	rundll32.exe	16
PID 2080 wrote to memory of 2144	2080	rundll32.exe	16
PID 2080 wrote to memory of 2144	2080	rundll32.exe	16

C:\Windows\system32\rundll32.exe
rundll32.exe C:\Users\Admin\AppData\Local\Temp\683dd6fbc6c86b24863d2a54016fb94f.dll,#1
1⤵
- Suspicious use of WriteProcessMemory
PID:2080
- C:\Windows\SysWOW64\rundll32.exe
  rundll32.exe C:\Users\Admin\AppData\Local\Temp\683dd6fbc6c86b24863d2a54016fb94f.dll,#1
  2⤵
  PID:2144

memory/2144-0-0x0000000010000000-0x0000000010026000-memory.dmp

Filesize
152KB

Download
memory/2144-1-0x0000000010000000-0x0000000010026000-memory.dmp

Filesize
152KB

Download
memory/2144-2-0x0000000010000000-0x0000000010026000-memory.dmp

Filesize
152KB

Download