46297fb7a5be41e285a2576dfe8f476cfe6e363c3f4f72f91151fb22a62b6473

Analysis

max time kernel
121s
max time network
122s
platform
windows7_x64
resource
win7-20231215-en
resource tags

arch:x64arch:x86image:win7-20231215-enlocale:en-usos:windows7-x64system
submitted
12-02-2024 22:21

Target

97c1e7df4224a582bdca55b87e8d44e3.dll
Size

35KB
MD5

97c1e7df4224a582bdca55b87e8d44e3
SHA1

968eca62982ab5b4912885b81c8c4ae58b3b1645
SHA256

46297fb7a5be41e285a2576dfe8f476cfe6e363c3f4f72f91151fb22a62b6473
SHA512

8bb705e9b2e217e882d5d9ecd07dc6a617369f4a3e8a7752d6ab14ed08971329c33d8248e8650dce5a43fd137ae3127e5b2e6d3075984fc0c50528d3c91b2fdf
SSDEEP

768:ZHi1piCxqGU9rygJEmhSCvh6rlU28OB+V7q18PNh3NLE9DeQt1U:ZHi1piZGU9VhSCvh6r+tOs7q1qBoDeQ4

Score

1^/10

Suspicious use of WriteProcessMemory 7 IoCs

description	pid	Process	procid_target
PID 2076 wrote to memory of 2100	2076	rundll32.exe	28
PID 2076 wrote to memory of 2100	2076	rundll32.exe	28
PID 2076 wrote to memory of 2100	2076	rundll32.exe	28
PID 2076 wrote to memory of 2100	2076	rundll32.exe	28
PID 2076 wrote to memory of 2100	2076	rundll32.exe	28
PID 2076 wrote to memory of 2100	2076	rundll32.exe	28
PID 2076 wrote to memory of 2100	2076	rundll32.exe	28

C:\Windows\system32\rundll32.exe
rundll32.exe C:\Users\Admin\AppData\Local\Temp\97c1e7df4224a582bdca55b87e8d44e3.dll,#1
1⤵
- Suspicious use of WriteProcessMemory
PID:2076
- C:\Windows\SysWOW64\rundll32.exe
  rundll32.exe C:\Users\Admin\AppData\Local\Temp\97c1e7df4224a582bdca55b87e8d44e3.dll,#1
  2⤵
  PID:2100