c7356b8cb6f7d47f60618cba86ad3c8c52b22d36bc555b94ef5cbae37830e693

Analysis

max time kernel
117s
max time network
121s
platform
windows7_x64
resource
win7-20231215-en
resource tags

arch:x64arch:x86image:win7-20231215-enlocale:en-usos:windows7-x64system
submitted
04/02/2024, 13:00

Target

8f35fd19e2a20256445edcc2020fb589.dll
Size

65KB
MD5

8f35fd19e2a20256445edcc2020fb589
SHA1

9b941bdf38fa35ba295d96032d662063a272acdd
SHA256

c7356b8cb6f7d47f60618cba86ad3c8c52b22d36bc555b94ef5cbae37830e693
SHA512

086505c31df90d4139cdbbc1414dc775cacdbb95f7186f27b3b0ce9b9b34c63db11a83d7a03a0e57fc4901f60865665afc19160b20ca96a8fb13001980aee25a
SSDEEP

1536:9zcIb5woBUjdgUtAZ/3wz0Mzq3X4M0wTWqAiAGhUcBg:eE3DUtogz0Gq3XL0wTWbiAGhUr

Score

1^/10

Suspicious use of WriteProcessMemory 7 IoCs

description	pid	Process	procid_target
PID 1720 wrote to memory of 2084	1720	rundll32.exe	28
PID 1720 wrote to memory of 2084	1720	rundll32.exe	28
PID 1720 wrote to memory of 2084	1720	rundll32.exe	28
PID 1720 wrote to memory of 2084	1720	rundll32.exe	28
PID 1720 wrote to memory of 2084	1720	rundll32.exe	28
PID 1720 wrote to memory of 2084	1720	rundll32.exe	28
PID 1720 wrote to memory of 2084	1720	rundll32.exe	28

C:\Windows\system32\rundll32.exe
rundll32.exe C:\Users\Admin\AppData\Local\Temp\8f35fd19e2a20256445edcc2020fb589.dll,#1
1⤵
- Suspicious use of WriteProcessMemory
PID:1720
- C:\Windows\SysWOW64\rundll32.exe
  rundll32.exe C:\Users\Admin\AppData\Local\Temp\8f35fd19e2a20256445edcc2020fb589.dll,#1
  2⤵
  PID:2084