3b7ae0fbf40074e6630a9dd4367ea644386f15da242ace0c319ba2ed96e002b0

Analysis

max time kernel
151s
max time network
124s
platform
windows7_x64
resource
win7-20231215-en
resource tags

arch:x64arch:x86image:win7-20231215-enlocale:en-usos:windows7-x64system
submitted
02-02-2024 00:01

Target

8802eae85499e8ac70db79e3a3b72e6e.dll
Size

94KB
MD5

8802eae85499e8ac70db79e3a3b72e6e
SHA1

32ec518a7a856fa944f6c81fe258cbb349c85e36
SHA256

3b7ae0fbf40074e6630a9dd4367ea644386f15da242ace0c319ba2ed96e002b0
SHA512

474ccb8112142bbae35a89f6c2a5d10e0c624effe42c5e1d3b75389bbea95387b14498abdec109f15fdbd6e85958d8e5d1f1f753c9795b7936b943f76cc4e8a2
SSDEEP

1536:HcA1HEUZCj/7ica5ZHpTsmhc+3NMEEFdNWKljrZId5Oay:N1HEfpcZHpYd+3NMEE3ZG5jy

Score

1^/10

Suspicious use of WriteProcessMemory 7 IoCs

description	pid	Process	procid_target
PID 2876 wrote to memory of 2356	2876	rundll32.exe	28
PID 2876 wrote to memory of 2356	2876	rundll32.exe	28
PID 2876 wrote to memory of 2356	2876	rundll32.exe	28
PID 2876 wrote to memory of 2356	2876	rundll32.exe	28
PID 2876 wrote to memory of 2356	2876	rundll32.exe	28
PID 2876 wrote to memory of 2356	2876	rundll32.exe	28
PID 2876 wrote to memory of 2356	2876	rundll32.exe	28

C:\Windows\system32\rundll32.exe
rundll32.exe C:\Users\Admin\AppData\Local\Temp\8802eae85499e8ac70db79e3a3b72e6e.dll,#1
1⤵
- Suspicious use of WriteProcessMemory
PID:2876
- C:\Windows\SysWOW64\rundll32.exe
  rundll32.exe C:\Users\Admin\AppData\Local\Temp\8802eae85499e8ac70db79e3a3b72e6e.dll,#1
  2⤵
  PID:2356

C:\ProgramData\zhqbdf16.ini

Filesize
14B

MD5
95f3ef681f0ef4ed85e36ac92de0244e

SHA1
fb9ed20a0761e9ca1c3100078b3f5ec16efb2e03

SHA256
390e65802e705fe8928f41b135234653c86a3871bd8a3ec9c666fb33ccd9b468

SHA512
1c49bc25196f5486d35f4e359b041b4ce5e68dbfaddb605d6e79759d498a1dd3e9a38d894e5abdfd90262f6bdb4c9428497e049e24505fa35a2c5353a2166c58

Download Submit
memory/2356-0-0x0000000000160000-0x000000000017D000-memory.dmp

Filesize
116KB

Download
memory/2356-340-0x0000000000160000-0x000000000017D000-memory.dmp

Filesize
116KB

Download
memory/2356-2009-0x0000000000160000-0x000000000017D000-memory.dmp

Filesize
116KB

Download