258d48f104416de951847f141334aa5d98bd93b5c9a98d3ffbffbeda83e73e20

Analysis

max time kernel
118s
max time network
120s
platform
windows7_x64
resource
win7-20231129-en
resource tags

arch:x64arch:x86image:win7-20231129-enlocale:en-usos:windows7-x64system
submitted
25-01-2024 16:02

Target

258d48f104416de951847f141334aa5d98bd93b5c9a98d3ffbffbeda83e73e20.dll
Size

781KB
MD5

76f188e59e4f5b4622bc359c7135d6c8
SHA1

44eea3b792514b6dc1016d93a429995231b9af33
SHA256

258d48f104416de951847f141334aa5d98bd93b5c9a98d3ffbffbeda83e73e20
SHA512

47e912391290fe1d0e87c782a6e0c9721ff4831e8395591ac8958832fbff51157cf6927a5c56214a538ee2a74a96f72d7faedfd5d88be690c1dc54eb561198d4
SSDEEP

12288:EXW8QUvQMrz9SLItr2taMUQ3BucGOLVgzsmA74Y4VZGUFc:Z8NhSLItytaK3BuXOhgoqY4ZG

Score

1^/10

Suspicious use of WriteProcessMemory 7 IoCs

Processes:

rundll32.exe

description	pid	process	target process
PID 2964 wrote to memory of 1912	2964	rundll32.exe	rundll32.exe
PID 2964 wrote to memory of 1912	2964	rundll32.exe	rundll32.exe
PID 2964 wrote to memory of 1912	2964	rundll32.exe	rundll32.exe
PID 2964 wrote to memory of 1912	2964	rundll32.exe	rundll32.exe
PID 2964 wrote to memory of 1912	2964	rundll32.exe	rundll32.exe
PID 2964 wrote to memory of 1912	2964	rundll32.exe	rundll32.exe
PID 2964 wrote to memory of 1912	2964	rundll32.exe	rundll32.exe

C:\Windows\system32\rundll32.exe
rundll32.exe C:\Users\Admin\AppData\Local\Temp\258d48f104416de951847f141334aa5d98bd93b5c9a98d3ffbffbeda83e73e20.dll,#1
1⤵
- Suspicious use of WriteProcessMemory
PID:2964

C:\Windows\SysWOW64\rundll32.exe
rundll32.exe C:\Users\Admin\AppData\Local\Temp\258d48f104416de951847f141334aa5d98bd93b5c9a98d3ffbffbeda83e73e20.dll,#1
2⤵
PID:1912