b11608aefeec0fc041543280e7e2419ba35c47203a5825d69959789cc49cdb0d

Analysis

max time kernel
121s
max time network
124s
platform
windows7_x64
resource
win7-20231215-en
resource tags

arch:x64arch:x86image:win7-20231215-enlocale:en-usos:windows7-x64system
submitted
23/01/2024, 23:53

Target

70e3336fdec1911387d636cdfe9a4725.dll
Size

73KB
MD5

70e3336fdec1911387d636cdfe9a4725
SHA1

5c2f950d39c50a04ce89c6fd4a68209ed9de67be
SHA256

b11608aefeec0fc041543280e7e2419ba35c47203a5825d69959789cc49cdb0d
SHA512

4b777b7256fd54d4e042dfbb4a350962ab564c93df23594bcd7019932215b2354cc5f66ed5ad4266394226e5ecbde00d0e97f5d8d3b86b4acf80bd7129130a62
SSDEEP

1536:de2fXQwGf6xRBJu/gwefgrU6NVN6o9qnInIEclAGW3L6:w2fADf69QYwBA6NVNiOLrL6

Score

1^/10

Suspicious use of WriteProcessMemory 7 IoCs

description	pid	Process	procid_target
PID 2724 wrote to memory of 2796	2724	rundll32.exe	28
PID 2724 wrote to memory of 2796	2724	rundll32.exe	28
PID 2724 wrote to memory of 2796	2724	rundll32.exe	28
PID 2724 wrote to memory of 2796	2724	rundll32.exe	28
PID 2724 wrote to memory of 2796	2724	rundll32.exe	28
PID 2724 wrote to memory of 2796	2724	rundll32.exe	28
PID 2724 wrote to memory of 2796	2724	rundll32.exe	28

C:\Windows\system32\rundll32.exe
rundll32.exe C:\Users\Admin\AppData\Local\Temp\70e3336fdec1911387d636cdfe9a4725.dll,#1
1⤵
- Suspicious use of WriteProcessMemory
PID:2724
- C:\Windows\SysWOW64\rundll32.exe
  rundll32.exe C:\Users\Admin\AppData\Local\Temp\70e3336fdec1911387d636cdfe9a4725.dll,#1
  2⤵
  PID:2796

memory/2796-0-0x0000000040960000-0x0000000040971000-memory.dmp

Filesize
68KB

Download