249664ec56ff850ce21289dec3afb28d9d102072bd66e68fd588a06458949d5d

Analysis

max time kernel
118s
max time network
122s
platform
windows7_x64
resource
win7-20231215-en
resource tags

arch:x64arch:x86image:win7-20231215-enlocale:en-usos:windows7-x64system
submitted
04-02-2024 05:00

Target

8e46a51a71dc07f0924340a644fdd41f.dll
Size

334KB
MD5

8e46a51a71dc07f0924340a644fdd41f
SHA1

8b0e300995e01139a700774d743b87c0acc889c3
SHA256

249664ec56ff850ce21289dec3afb28d9d102072bd66e68fd588a06458949d5d
SHA512

9f23987f6f2e47373e916e37223edcb8ff1ac4df4259c10a561bb1e64a400836769043b1910f00b4055c35ad05ea673b1b7a0b0f4f8890e2bc997f0e33df8436
SSDEEP

6144:LXvLa1SqHDqtYTDbINo7yTKZlHllENXpChnaglSP4npusKD41x2F/:LXvLa1SqHOsIMq2lFlyXEnaii4nEszx2

Score

1^/10

Suspicious use of WriteProcessMemory 7 IoCs

description	pid	Process	procid_target
PID 1216 wrote to memory of 3056	1216	rundll32.exe	28
PID 1216 wrote to memory of 3056	1216	rundll32.exe	28
PID 1216 wrote to memory of 3056	1216	rundll32.exe	28
PID 1216 wrote to memory of 3056	1216	rundll32.exe	28
PID 1216 wrote to memory of 3056	1216	rundll32.exe	28
PID 1216 wrote to memory of 3056	1216	rundll32.exe	28
PID 1216 wrote to memory of 3056	1216	rundll32.exe	28

C:\Windows\system32\rundll32.exe
rundll32.exe C:\Users\Admin\AppData\Local\Temp\8e46a51a71dc07f0924340a644fdd41f.dll,#1
1⤵
- Suspicious use of WriteProcessMemory
PID:1216
- C:\Windows\SysWOW64\rundll32.exe
  rundll32.exe C:\Users\Admin\AppData\Local\Temp\8e46a51a71dc07f0924340a644fdd41f.dll,#1
  2⤵
  PID:3056

memory/3056-0-0x0000000000A30000-0x0000000000B1D000-memory.dmp

Filesize
948KB

Download
memory/3056-1-0x0000000000A30000-0x0000000000B1D000-memory.dmp

Filesize
948KB

Download
memory/3056-2-0x0000000000A30000-0x0000000000B1D000-memory.dmp

Filesize
948KB

Download
memory/3056-3-0x0000000000A30000-0x0000000000B1D000-memory.dmp

Filesize
948KB

Download
memory/3056-4-0x00000000000B0000-0x00000000000B1000-memory.dmp

Filesize
4KB

Download