370e4b7629bf28de8725dd11a5a8cac3e2b80108bed5230c948c93bdc2e97fdf

Analysis

max time kernel
118s
max time network
119s
platform
windows7_x64
resource
win7-20231215-en
resource tags

arch:x64arch:x86image:win7-20231215-enlocale:en-usos:windows7-x64system
submitted
29/01/2024, 09:57

Target

7f8b4dca0a9586e60c7e1c39dc1cd28e.dll
Size

8KB
MD5

7f8b4dca0a9586e60c7e1c39dc1cd28e
SHA1

580a8c71c4be5bb00e6ae403ac6e108bce214157
SHA256

370e4b7629bf28de8725dd11a5a8cac3e2b80108bed5230c948c93bdc2e97fdf
SHA512

60f12337366122a70cac93e83e75f737649bc571332375384a5e99aa6ce049a6ea99676900ef3e4dfcc9f52fb916a79715822185a59424b47dc6df091e4a5442
SSDEEP

192:/DRauHtm6beDEISvjux9m3y03ql8U50VEFJwn/xfwJ0kgUw9D:/PHY6KYISyq3WlvTJEpfwJLU

Score

1^/10

Suspicious use of WriteProcessMemory 7 IoCs

description	pid	Process	procid_target
PID 1752 wrote to memory of 2544	1752	rundll32.exe	28
PID 1752 wrote to memory of 2544	1752	rundll32.exe	28
PID 1752 wrote to memory of 2544	1752	rundll32.exe	28
PID 1752 wrote to memory of 2544	1752	rundll32.exe	28
PID 1752 wrote to memory of 2544	1752	rundll32.exe	28
PID 1752 wrote to memory of 2544	1752	rundll32.exe	28
PID 1752 wrote to memory of 2544	1752	rundll32.exe	28

C:\Windows\system32\rundll32.exe
rundll32.exe C:\Users\Admin\AppData\Local\Temp\7f8b4dca0a9586e60c7e1c39dc1cd28e.dll,#1
1⤵
- Suspicious use of WriteProcessMemory
PID:1752
- C:\Windows\SysWOW64\rundll32.exe
  rundll32.exe C:\Users\Admin\AppData\Local\Temp\7f8b4dca0a9586e60c7e1c39dc1cd28e.dll,#1
  2⤵
  PID:2544

memory/2544-0-0x0000000025000000-0x0000000025018000-memory.dmp

Filesize
96KB

Download