73f5e0dfdc7a4c0f4dda1c6c648b68504cccfb540eb9511440b64af4ab912fbd

Analysis

max time kernel
117s
max time network
120s
platform
windows7_x64
resource
win7-20231215-en
resource tags

arch:x64arch:x86image:win7-20231215-enlocale:en-usos:windows7-x64system
submitted
24/01/2024, 14:13

Target

727326376ec7411b3aebadce20f72c8f.dll
Size

220KB
MD5

727326376ec7411b3aebadce20f72c8f
SHA1

ca06830108ec8a8b19cf3c7eec13779075e14a4f
SHA256

73f5e0dfdc7a4c0f4dda1c6c648b68504cccfb540eb9511440b64af4ab912fbd
SHA512

bed4aa3687b976645e36a362dde607f5ced491192111a74584ef37df12500fd5625c1f36002d35fcd33cf9702f9cae31d0440c4a67ff1127bb12674c9ba0adda
SSDEEP

3072:4PvSbRoxU4gUp936k/2GI22xwx/56DAmujUZZ/NhZCKKRC29TKRKAWjnv/bGtxF/:6FsZn2iRnIl3iRhv

Score

1^/10

Suspicious use of WriteProcessMemory 7 IoCs

description	pid	Process	procid_target
PID 2096 wrote to memory of 1352	2096	rundll32.exe	28
PID 2096 wrote to memory of 1352	2096	rundll32.exe	28
PID 2096 wrote to memory of 1352	2096	rundll32.exe	28
PID 2096 wrote to memory of 1352	2096	rundll32.exe	28
PID 2096 wrote to memory of 1352	2096	rundll32.exe	28
PID 2096 wrote to memory of 1352	2096	rundll32.exe	28
PID 2096 wrote to memory of 1352	2096	rundll32.exe	28

C:\Windows\system32\rundll32.exe
rundll32.exe C:\Users\Admin\AppData\Local\Temp\727326376ec7411b3aebadce20f72c8f.dll,#1
1⤵
- Suspicious use of WriteProcessMemory
PID:2096
- C:\Windows\SysWOW64\rundll32.exe
  rundll32.exe C:\Users\Admin\AppData\Local\Temp\727326376ec7411b3aebadce20f72c8f.dll,#1
  2⤵
  PID:1352