1bcdb74500801ec17c01da6f8aadabd586e5c71dfe8219ad7fb54f5627fa6882

Analysis

max time kernel
119s
max time network
120s
platform
windows7_x64
resource
win7-20231215-en
resource tags

arch:x64arch:x86image:win7-20231215-enlocale:en-usos:windows7-x64system
submitted
25-01-2024 08:24

Target

743397ab4661f86dc3590dfc4f239a50.dll
Size

71KB
MD5

743397ab4661f86dc3590dfc4f239a50
SHA1

0be86694ca9f3a9ed70bf98af2057f048c2a63a4
SHA256

1bcdb74500801ec17c01da6f8aadabd586e5c71dfe8219ad7fb54f5627fa6882
SHA512

1f251fdbd914f9dbe832cbf1e7d92a5f922bf0f1397af4943977024e546eb03d64ce021ed7d0a5046e291a2189bdadbf0c4869b328329ef4a0372d2a04dc8ecb
SSDEEP

1536:lTD+K/8sPtAc78ShTPh9sOpZBwF+KuFdTA2rbIqRhcSFtUd8LHJ:l/tksPtAc7v9PpI0FdTguhttUeHJ

Score

1^/10

Suspicious use of WriteProcessMemory 7 IoCs

description	pid	Process	procid_target
PID 1940 wrote to memory of 1884	1940	rundll32.exe	16
PID 1940 wrote to memory of 1884	1940	rundll32.exe	16
PID 1940 wrote to memory of 1884	1940	rundll32.exe	16
PID 1940 wrote to memory of 1884	1940	rundll32.exe	16
PID 1940 wrote to memory of 1884	1940	rundll32.exe	16
PID 1940 wrote to memory of 1884	1940	rundll32.exe	16
PID 1940 wrote to memory of 1884	1940	rundll32.exe	16

C:\Windows\system32\rundll32.exe
rundll32.exe C:\Users\Admin\AppData\Local\Temp\743397ab4661f86dc3590dfc4f239a50.dll,#1
1⤵
- Suspicious use of WriteProcessMemory
PID:1940
- C:\Windows\SysWOW64\rundll32.exe
  rundll32.exe C:\Users\Admin\AppData\Local\Temp\743397ab4661f86dc3590dfc4f239a50.dll,#1
  2⤵
  PID:1884

memory/1884-3-0x0000000010000000-0x000000001000E000-memory.dmp

Filesize
56KB

Download
memory/1884-2-0x0000000010000000-0x000000001000E000-memory.dmp

Filesize
56KB

Download
memory/1884-1-0x0000000010000000-0x000000001000E000-memory.dmp

Filesize
56KB

Download
memory/1884-0-0x0000000010000000-0x000000001000E000-memory.dmp

Filesize
56KB

Download