3f2bffa8f148666bbc88ccd7057df00b31033703553dad5153e060c4860d1601

Analysis

max time kernel
121s
max time network
125s
platform
windows7_x64
resource
win7-20231215-en
resource tags

arch:x64arch:x86image:win7-20231215-enlocale:en-usos:windows7-x64system
submitted
26/01/2024, 06:46

Target

76ab1f3eee289e227b389f879e9f50fb.dll
Size

40KB
MD5

76ab1f3eee289e227b389f879e9f50fb
SHA1

637d6ec27f6b07724b9025bd5fea85feb59527b1
SHA256

3f2bffa8f148666bbc88ccd7057df00b31033703553dad5153e060c4860d1601
SHA512

ae9ad1beed21fb203ef955205956ac903377b4dfb54a3fefeccf84093fe2f891de22ce84377bda9f9ee978fd36f76da38880186dcde4cffdda2b047532d31bcc
SSDEEP

384:wKoRKZAXa1f+HNj8/mksWB78MNYXiPzwX8kGt9zYVV8CV:wNc0hkxnYyPzwMkGsoE

Score

1^/10

Suspicious use of WriteProcessMemory 7 IoCs

description	pid	Process	procid_target
PID 1984 wrote to memory of 2256	1984	rundll32.exe	28
PID 1984 wrote to memory of 2256	1984	rundll32.exe	28
PID 1984 wrote to memory of 2256	1984	rundll32.exe	28
PID 1984 wrote to memory of 2256	1984	rundll32.exe	28
PID 1984 wrote to memory of 2256	1984	rundll32.exe	28
PID 1984 wrote to memory of 2256	1984	rundll32.exe	28
PID 1984 wrote to memory of 2256	1984	rundll32.exe	28

C:\Windows\system32\rundll32.exe
rundll32.exe C:\Users\Admin\AppData\Local\Temp\76ab1f3eee289e227b389f879e9f50fb.dll,#1
1⤵
- Suspicious use of WriteProcessMemory
PID:1984
- C:\Windows\SysWOW64\rundll32.exe
  rundll32.exe C:\Users\Admin\AppData\Local\Temp\76ab1f3eee289e227b389f879e9f50fb.dll,#1
  2⤵
  PID:2256