21c7e0e2a1819b0611133684eaa18b032662d8a7f394f25787c540369eb26539

Analysis

max time kernel
117s
max time network
121s
platform
windows7_x64
resource
win7-20231215-en
resource tags

arch:x64arch:x86image:win7-20231215-enlocale:en-usos:windows7-x64system
submitted
23/01/2024, 20:00

Target

706f78cb25f10893f557bfa0a6740bb8.dll
Size

67KB
MD5

706f78cb25f10893f557bfa0a6740bb8
SHA1

71596b7776a5072e82c5a282801057f9cbccd069
SHA256

21c7e0e2a1819b0611133684eaa18b032662d8a7f394f25787c540369eb26539
SHA512

e56a08d50e544c0711edf07092c400bbcfe501c2d46e9143fcb897075eac8c9dd5ad95e62cf5bb2558f041cbe66b219d749900f423dc9570ae3772678a1797d2
SSDEEP

1536:FQzm0/BcVDpA+fkrNEWEWJItFDXURxoyih5AT:FmmacfuhJIjXyihuT

Score

1^/10

Suspicious use of WriteProcessMemory 7 IoCs

description	pid	Process	procid_target
PID 1340 wrote to memory of 2204	1340	rundll32.exe	28
PID 1340 wrote to memory of 2204	1340	rundll32.exe	28
PID 1340 wrote to memory of 2204	1340	rundll32.exe	28
PID 1340 wrote to memory of 2204	1340	rundll32.exe	28
PID 1340 wrote to memory of 2204	1340	rundll32.exe	28
PID 1340 wrote to memory of 2204	1340	rundll32.exe	28
PID 1340 wrote to memory of 2204	1340	rundll32.exe	28

C:\Windows\system32\rundll32.exe
rundll32.exe C:\Users\Admin\AppData\Local\Temp\706f78cb25f10893f557bfa0a6740bb8.dll,#1
1⤵
- Suspicious use of WriteProcessMemory
PID:1340
- C:\Windows\SysWOW64\rundll32.exe
  rundll32.exe C:\Users\Admin\AppData\Local\Temp\706f78cb25f10893f557bfa0a6740bb8.dll,#1
  2⤵
  PID:2204

memory/2204-0-0x0000000000100000-0x0000000000113000-memory.dmp

Filesize
76KB

Download
memory/2204-1-0x0000000000100000-0x0000000000113000-memory.dmp

Filesize
76KB

Download
memory/2204-2-0x0000000000100000-0x0000000000113000-memory.dmp

Filesize
76KB

Download
memory/2204-3-0x0000000000100000-0x0000000000113000-memory.dmp

Filesize
76KB

Download
memory/2204-4-0x0000000040960000-0x0000000040971000-memory.dmp

Filesize
68KB

Download
memory/2204-5-0x0000000000100000-0x0000000000106000-memory.dmp

Filesize
24KB

Download