4bcb8d0282ba9038947f70cebc207e3d3a875ebd84e588c5e172102b4c03711e

Analysis

max time kernel
118s
max time network
121s
platform
windows7_x64
resource
win7-20231215-en
resource tags

arch:x64arch:x86image:win7-20231215-enlocale:en-usos:windows7-x64system
submitted
12/02/2024, 09:05

Target

96c927e543a32602054315af955e1554.dll
Size

482KB
MD5

96c927e543a32602054315af955e1554
SHA1

49cd8839149fde03c338bedbf133ba3096084e5d
SHA256

4bcb8d0282ba9038947f70cebc207e3d3a875ebd84e588c5e172102b4c03711e
SHA512

698ac56dbc42f898842e1ce76dfb938a00885118730141fe5084e38e1c0a36e4860fe4dcad5af7e9d31437f60ba59f536f39a034286dc3d8b273544a76755af2
SSDEEP

6144:qdHtCVeJ6DA8nvyWqkZiFs/rSFw4aLW7yot/Q7Z5LTJeDhe24nRCsOx:qdHtCVeJ6kDDF6tRLxotAZ1Je9yE

Score

1^/10

Suspicious use of WriteProcessMemory 7 IoCs

description	pid	Process	procid_target
PID 1664 wrote to memory of 2972	1664	rundll32.exe	28
PID 1664 wrote to memory of 2972	1664	rundll32.exe	28
PID 1664 wrote to memory of 2972	1664	rundll32.exe	28
PID 1664 wrote to memory of 2972	1664	rundll32.exe	28
PID 1664 wrote to memory of 2972	1664	rundll32.exe	28
PID 1664 wrote to memory of 2972	1664	rundll32.exe	28
PID 1664 wrote to memory of 2972	1664	rundll32.exe	28

C:\Windows\system32\rundll32.exe
rundll32.exe C:\Users\Admin\AppData\Local\Temp\96c927e543a32602054315af955e1554.dll,#1
1⤵
- Suspicious use of WriteProcessMemory
PID:1664
- C:\Windows\SysWOW64\rundll32.exe
  rundll32.exe C:\Users\Admin\AppData\Local\Temp\96c927e543a32602054315af955e1554.dll,#1
  2⤵
  PID:2972