d8a50e361a477b2f269b2a66fad09b789253bae32b253751773e0369a233100a

Analysis

max time kernel
122s
max time network
124s
platform
windows7_x64
resource
win7-20231215-en
resource tags

arch:x64arch:x86image:win7-20231215-enlocale:en-usos:windows7-x64system
submitted
25/01/2024, 02:56

Target

738d50dc0dae0a4d05d6837e68d988d8.dll
Size

89KB
MD5

738d50dc0dae0a4d05d6837e68d988d8
SHA1

805901e3fd9ef7cd8b0abf046e94db79d90bb61a
SHA256

d8a50e361a477b2f269b2a66fad09b789253bae32b253751773e0369a233100a
SHA512

445f932b1d7c1da4fd94c70ff43365d77aa8c326a2ae7beaff46eea1e838df4fbaee83f490e9ba7cfc4883b5f08c7b1468c30ad531a8622f1b47de38e10b2a85
SSDEEP

1536:3xDJUblGuKOsKuMVp+yWigUK46CweMrGhNuL5SVHZVHW9TV:hDujnU8p+yWQn6R9TV

Score

1^/10

Suspicious use of WriteProcessMemory 7 IoCs

description	pid	Process	procid_target
PID 3052 wrote to memory of 1916	3052	rundll32.exe	29
PID 3052 wrote to memory of 1916	3052	rundll32.exe	29
PID 3052 wrote to memory of 1916	3052	rundll32.exe	29
PID 3052 wrote to memory of 1916	3052	rundll32.exe	29
PID 3052 wrote to memory of 1916	3052	rundll32.exe	29
PID 3052 wrote to memory of 1916	3052	rundll32.exe	29
PID 3052 wrote to memory of 1916	3052	rundll32.exe	29

C:\Windows\system32\rundll32.exe
rundll32.exe C:\Users\Admin\AppData\Local\Temp\738d50dc0dae0a4d05d6837e68d988d8.dll,#1
1⤵
- Suspicious use of WriteProcessMemory
PID:3052
- C:\Windows\SysWOW64\rundll32.exe
  rundll32.exe C:\Users\Admin\AppData\Local\Temp\738d50dc0dae0a4d05d6837e68d988d8.dll,#1
  2⤵
  PID:1916