b47914d632508339a012e07cc4030b35b25a78665513276c26496affefd01b90

Analysis

max time kernel
122s
max time network
127s
platform
windows7_x64
resource
win7-20231215-en
resource tags

arch:x64arch:x86image:win7-20231215-enlocale:en-usos:windows7-x64system
submitted
29/01/2024, 14:45

Target

Lancetter/Milieubeskyttelsesreglementer/wcapi.dll
Size

396KB
MD5

062434166c64d50b84518692be7e78dc
SHA1

86b24ae2fd5c7f396d2b920a113020dcd9ae4754
SHA256

5af5384cb1f83bab386ddf98e6b57639e896265008438a2730e17b93e65577e5
SHA512

bf85f59095f828e97a544ba0a1e348c03f5f27e59eb3e3f3d602922152a08f0848e27782db73594622f72510862780ac6898747002e8371cd2494f65c65c3d38
SSDEEP

6144:cfn5v+crgiX1sibsPdIqBaGTa/BIWZNGBmLbrTIdkDkwZYfQlYnx:a+crgmfbsFBaoGYfh

Score

1^/10

Suspicious use of WriteProcessMemory 7 IoCs

description	pid	Process	procid_target
PID 2360 wrote to memory of 2832	2360	rundll32.exe	28
PID 2360 wrote to memory of 2832	2360	rundll32.exe	28
PID 2360 wrote to memory of 2832	2360	rundll32.exe	28
PID 2360 wrote to memory of 2832	2360	rundll32.exe	28
PID 2360 wrote to memory of 2832	2360	rundll32.exe	28
PID 2360 wrote to memory of 2832	2360	rundll32.exe	28
PID 2360 wrote to memory of 2832	2360	rundll32.exe	28

C:\Windows\system32\rundll32.exe
rundll32.exe C:\Users\Admin\AppData\Local\Temp\Lancetter\Milieubeskyttelsesreglementer\wcapi.dll,#1
1⤵
- Suspicious use of WriteProcessMemory
PID:2360
- C:\Windows\SysWOW64\rundll32.exe
  rundll32.exe C:\Users\Admin\AppData\Local\Temp\Lancetter\Milieubeskyttelsesreglementer\wcapi.dll,#1
  2⤵
  PID:2832