3fad3120166dbfd975bae812e4ae6e09bb251f80f44fbacd8740f2e70da78e01

Analysis

max time kernel
120s
max time network
123s
platform
windows7_x64
resource
win7-20231215-en
resource tags

arch:x64arch:x86image:win7-20231215-enlocale:en-usos:windows7-x64system
submitted
25-01-2024 15:54

Target

3fad3120166dbfd975bae812e4ae6e09bb251f80f44fbacd8740f2e70da78e01.dll
Size

4.2MB
MD5

6ef2d1efc6e761f75636142a2c97b338
SHA1

e9b0e9d90a1f71034b183e95ed44f8b83a3223d7
SHA256

3fad3120166dbfd975bae812e4ae6e09bb251f80f44fbacd8740f2e70da78e01
SHA512

4f104488fe38830cf2a7ce831112559d298e065a4b7f67274d44817e16dc2070cbb58790912f95f1544ee316f62dcbf4ca11b7a88998aaa98f77742989416b59
SSDEEP

98304:QSPoqTClkK2h0F9FuUlcmCNvnYPGTjda2RkQAz5cMZ6BBsu:QSPoEClkKDjFuUNmYPyRRAz5zsBs

Score

1^/10

Suspicious use of WriteProcessMemory 7 IoCs

Processes:

rundll32.exe

description	pid	process	target process
PID 836 wrote to memory of 2308	836	rundll32.exe	rundll32.exe
PID 836 wrote to memory of 2308	836	rundll32.exe	rundll32.exe
PID 836 wrote to memory of 2308	836	rundll32.exe	rundll32.exe
PID 836 wrote to memory of 2308	836	rundll32.exe	rundll32.exe
PID 836 wrote to memory of 2308	836	rundll32.exe	rundll32.exe
PID 836 wrote to memory of 2308	836	rundll32.exe	rundll32.exe
PID 836 wrote to memory of 2308	836	rundll32.exe	rundll32.exe

C:\Windows\system32\rundll32.exe
rundll32.exe C:\Users\Admin\AppData\Local\Temp\3fad3120166dbfd975bae812e4ae6e09bb251f80f44fbacd8740f2e70da78e01.dll,#1
1⤵
- Suspicious use of WriteProcessMemory
PID:836

C:\Windows\SysWOW64\rundll32.exe
rundll32.exe C:\Users\Admin\AppData\Local\Temp\3fad3120166dbfd975bae812e4ae6e09bb251f80f44fbacd8740f2e70da78e01.dll,#1
2⤵
PID:2308