b4bd8e5aa0af0bb20f7653f8492183c939c3a6cc3c0f3c3e4e09185fbcaf922a

Analysis

max time kernel
118s
max time network
121s
platform
windows7_x64
resource
win7-20231215-en
resource tags

arch:x64arch:x86image:win7-20231215-enlocale:en-usos:windows7-x64system
submitted
25-01-2024 15:49

Target

b4bd8e5aa0af0bb20f7653f8492183c939c3a6cc3c0f3c3e4e09185fbcaf922a.dll
Size

69KB
MD5

16b24f5466fd1ffd7173484ff2f315fb
SHA1

5eed4f32f75c357ba9697ebede3a9ff08d1470cd
SHA256

b4bd8e5aa0af0bb20f7653f8492183c939c3a6cc3c0f3c3e4e09185fbcaf922a
SHA512

84e1389fb46a1e4119151698b96ed66eccc5b02c6b0dc486ec90307ccc3f229eaaa3cf79566a7942fc3b578a33617711d974c3a7004013e456de5b13c3cf1992
SSDEEP

1536:Jby5+4NcVNuNa3H6Abv95TS6eYBZ8BOSKEVmVL1DUc:JbyziVNF6G95TS6eYBZ8BOJEV0L1DUc

Score

1^/10

Suspicious use of WriteProcessMemory 7 IoCs

description	pid	Process	procid_target
PID 2156 wrote to memory of 2180	2156	rundll32.exe	28
PID 2156 wrote to memory of 2180	2156	rundll32.exe	28
PID 2156 wrote to memory of 2180	2156	rundll32.exe	28
PID 2156 wrote to memory of 2180	2156	rundll32.exe	28
PID 2156 wrote to memory of 2180	2156	rundll32.exe	28
PID 2156 wrote to memory of 2180	2156	rundll32.exe	28
PID 2156 wrote to memory of 2180	2156	rundll32.exe	28

C:\Windows\system32\rundll32.exe
rundll32.exe C:\Users\Admin\AppData\Local\Temp\b4bd8e5aa0af0bb20f7653f8492183c939c3a6cc3c0f3c3e4e09185fbcaf922a.dll,#1
1⤵
- Suspicious use of WriteProcessMemory
PID:2156
- C:\Windows\SysWOW64\rundll32.exe
  rundll32.exe C:\Users\Admin\AppData\Local\Temp\b4bd8e5aa0af0bb20f7653f8492183c939c3a6cc3c0f3c3e4e09185fbcaf922a.dll,#1
  2⤵
  PID:2180