88678c858e843f4a48a0b22410fc454cc927683f56939b970c3c191a24101e27

Analysis

max time kernel
119s
max time network
120s
platform
windows7_x64
resource
win7-20231215-en
resource tags

arch:x64arch:x86image:win7-20231215-enlocale:en-usos:windows7-x64system
submitted
03/02/2024, 23:27

Target

AU6PQXR5J_SETUP/msimg32.dll
Size

3.6MB
MD5

1db4d4cc33c445ce57aa484b9c07062c
SHA1

d8db0513e182b02e575937119785b242f222e896
SHA256

f8d38044e76ab91842b0c76373ad8d8559f9a7e9fa41ad9703f6cfed3a4e1aee
SHA512

50971e77228d58276b99d04f9968180ad9111c928a1c7fb0c77221290dba38f70188cd36d6a33425ea59e76ef84693e149a3479a24b99f581f6f46809157ee2a
SSDEEP

49152:yVXfKGbBxFbPq+m9BoZztaDvTU9Ww1JUob/ka4R4xAVkxVrwBMyrFBMyr3:IyOvTB/Zx9MR4xAO8BDrFBDr3

Score

1^/10

Suspicious use of WriteProcessMemory 7 IoCs

description	pid	Process	procid_target
PID 1636 wrote to memory of 2776	1636	rundll32.exe	28
PID 1636 wrote to memory of 2776	1636	rundll32.exe	28
PID 1636 wrote to memory of 2776	1636	rundll32.exe	28
PID 1636 wrote to memory of 2776	1636	rundll32.exe	28
PID 1636 wrote to memory of 2776	1636	rundll32.exe	28
PID 1636 wrote to memory of 2776	1636	rundll32.exe	28
PID 1636 wrote to memory of 2776	1636	rundll32.exe	28

C:\Windows\system32\rundll32.exe
rundll32.exe C:\Users\Admin\AppData\Local\Temp\AU6PQXR5J_SETUP\msimg32.dll,#1
1⤵
- Suspicious use of WriteProcessMemory
PID:1636
- C:\Windows\SysWOW64\rundll32.exe
  rundll32.exe C:\Users\Admin\AppData\Local\Temp\AU6PQXR5J_SETUP\msimg32.dll,#1
  2⤵
  PID:2776

memory/2776-0-0x00000000749C0000-0x0000000074D6C000-memory.dmp

Filesize
3.7MB

Download
memory/2776-1-0x0000000074610000-0x00000000749BC000-memory.dmp

Filesize
3.7MB

Download
memory/2776-2-0x00000000749C0000-0x0000000074D6C000-memory.dmp

Filesize
3.7MB

Download
memory/2776-3-0x0000000074610000-0x00000000749BC000-memory.dmp

Filesize
3.7MB

Download
memory/2776-5-0x00000000001B0000-0x00000000001B4000-memory.dmp

Filesize
16KB

Download
memory/2776-4-0x00000000001C0000-0x00000000001C4000-memory.dmp

Filesize
16KB

Download