f8c0f278a6f12f17163a4ed8b7ae593c0ec98feb19573551e688e0c51233451d

Analysis

max time kernel
120s
max time network
124s
platform
windows7_x64
resource
win7-20231215-en
resource tags

arch:x64arch:x86image:win7-20231215-enlocale:en-usos:windows7-x64system
submitted
04/02/2024, 20:55

Target

VirusShare_87aef8f9898602d13a741af81cced575.dll
Size

60KB
MD5

87aef8f9898602d13a741af81cced575
SHA1

b53de2f2384d440c626996b82de5151ee81e5ca3
SHA256

f8c0f278a6f12f17163a4ed8b7ae593c0ec98feb19573551e688e0c51233451d
SHA512

0ee3fc1f2014c8dedfd8e7c33c368a63cf23be2a827577c49161d20b9062328ffbb7deb06a1e3aa86fdba89e3d231fb362a61fa62a0e5d40cbada3991943f5b5
SSDEEP

1536:FaZnubOz+0waU6Khx48Am1JojrGObx+hWFd:FUuhX6K8cUuObxGWH

Score

1^/10

Suspicious use of WriteProcessMemory 7 IoCs

description	pid	Process	procid_target
PID 1364 wrote to memory of 2232	1364	rundll32.exe	28
PID 1364 wrote to memory of 2232	1364	rundll32.exe	28
PID 1364 wrote to memory of 2232	1364	rundll32.exe	28
PID 1364 wrote to memory of 2232	1364	rundll32.exe	28
PID 1364 wrote to memory of 2232	1364	rundll32.exe	28
PID 1364 wrote to memory of 2232	1364	rundll32.exe	28
PID 1364 wrote to memory of 2232	1364	rundll32.exe	28

C:\Windows\system32\rundll32.exe
rundll32.exe C:\Users\Admin\AppData\Local\Temp\VirusShare_87aef8f9898602d13a741af81cced575.dll,#1
1⤵
- Suspicious use of WriteProcessMemory
PID:1364
- C:\Windows\SysWOW64\rundll32.exe
  rundll32.exe C:\Users\Admin\AppData\Local\Temp\VirusShare_87aef8f9898602d13a741af81cced575.dll,#1
  2⤵
  PID:2232

memory/2232-0-0x0000000010000000-0x000000001001D000-memory.dmp

Filesize
116KB

Download
memory/2232-1-0x00000000001B0000-0x00000000001B9000-memory.dmp

Filesize
36KB

Download