4bb15d56a4e5f344c2c6f5cad5170b9687e5718fc16454ae851d66c8f5affb3e

Analysis

max time kernel
120s
max time network
121s
platform
windows7_x64
resource
win7-20231215-en
resource tags

arch:x64arch:x86image:win7-20231215-enlocale:en-usos:windows7-x64system
submitted
13/02/2024, 02:21

Target

4bb15d56a4e5f344c2c6f5cad5170b9687e5718fc16454ae851d66c8f5affb3e.dll
Size

5.3MB
MD5

c50dc32f0cabcf7d7b44031031026078
SHA1

7b0f1b9d14df489e4242fb8432337d31757eb6fb
SHA256

4bb15d56a4e5f344c2c6f5cad5170b9687e5718fc16454ae851d66c8f5affb3e
SHA512

be4342d8a228154cd55ff19454f635817711ef86187e4df053aad8b5afce4b2037143b3a51b8e41972e15c94b7b86dfa2a2e24f6ac1b524819fdfc55034af5b1
SSDEEP

98304:eKSvip4VObk3vKkz43kz4iMQsntBFxfMVB1tBShRgKxHvz:eKjuhKj3jZn/fWShRVxHv

Score

1^/10

Suspicious use of WriteProcessMemory 7 IoCs

description	pid	Process	procid_target
PID 1684 wrote to memory of 1968	1684	rundll32.exe	28
PID 1684 wrote to memory of 1968	1684	rundll32.exe	28
PID 1684 wrote to memory of 1968	1684	rundll32.exe	28
PID 1684 wrote to memory of 1968	1684	rundll32.exe	28
PID 1684 wrote to memory of 1968	1684	rundll32.exe	28
PID 1684 wrote to memory of 1968	1684	rundll32.exe	28
PID 1684 wrote to memory of 1968	1684	rundll32.exe	28

C:\Windows\system32\rundll32.exe
rundll32.exe C:\Users\Admin\AppData\Local\Temp\4bb15d56a4e5f344c2c6f5cad5170b9687e5718fc16454ae851d66c8f5affb3e.dll,#1
1⤵
- Suspicious use of WriteProcessMemory
PID:1684
- C:\Windows\SysWOW64\rundll32.exe
  rundll32.exe C:\Users\Admin\AppData\Local\Temp\4bb15d56a4e5f344c2c6f5cad5170b9687e5718fc16454ae851d66c8f5affb3e.dll,#1
  2⤵
  PID:1968