44f91f32e05db2e3f416d38adcb91132595db708fb006067156f43ad153bf2b4

Analysis

max time kernel
121s
max time network
124s
platform
windows7_x64
resource
win7-20231215-en
resource tags

arch:x64arch:x86image:win7-20231215-enlocale:en-usos:windows7-x64system
submitted
25-01-2024 17:41

Target

751f03f1061963745513524a3a70ba13.dll
Size

114KB
MD5

751f03f1061963745513524a3a70ba13
SHA1

8d9a1ad51d2e9b1f55f7a0a85dea49f5c476a458
SHA256

44f91f32e05db2e3f416d38adcb91132595db708fb006067156f43ad153bf2b4
SHA512

6ec091668a849b23c6ed5d52effcfdaec14f944a7f3bac2574909a558fe84a0b131831c5657ac3f86d8f52793fa1d72b060a1d0c5ead4acc672c1f78c36650f1
SSDEEP

1536:VIRII1IjkuvfZ/AuwYEEllZ0nigglbwLF3nG0NXPazs+6nCW8tKqZdrs/IeOwQ13:VV28xvfGMT66Kys+6nCWaEpQp

Score

1^/10

Suspicious use of WriteProcessMemory 7 IoCs

Processes:

rundll32.exe

description	pid	process	target process
PID 2420 wrote to memory of 2044	2420	rundll32.exe	rundll32.exe
PID 2420 wrote to memory of 2044	2420	rundll32.exe	rundll32.exe
PID 2420 wrote to memory of 2044	2420	rundll32.exe	rundll32.exe
PID 2420 wrote to memory of 2044	2420	rundll32.exe	rundll32.exe
PID 2420 wrote to memory of 2044	2420	rundll32.exe	rundll32.exe
PID 2420 wrote to memory of 2044	2420	rundll32.exe	rundll32.exe
PID 2420 wrote to memory of 2044	2420	rundll32.exe	rundll32.exe

C:\Windows\system32\rundll32.exe
rundll32.exe C:\Users\Admin\AppData\Local\Temp\751f03f1061963745513524a3a70ba13.dll,#1
1⤵
- Suspicious use of WriteProcessMemory
PID:2420

C:\Windows\SysWOW64\rundll32.exe
rundll32.exe C:\Users\Admin\AppData\Local\Temp\751f03f1061963745513524a3a70ba13.dll,#1
2⤵
PID:2044

memory/2044-0-0x0000000010000000-0x0000000010029000-memory.dmp

Filesize
164KB

Download
memory/2044-1-0x0000000010000000-0x0000000010029000-memory.dmp

Filesize
164KB

Download