45a74ae18053c8350f0fe3d0c8d6fd6b394a221e8f035da45a97ab24d856c7f3

Analysis

max time kernel
122s
max time network
125s
platform
windows7_x64
resource
win7-20231215-en
resource tags

arch:x64arch:x86image:win7-20231215-enlocale:en-usos:windows7-x64system
submitted
13-02-2024 16:56

Target

99a903637e01b660ce3e3efb4a9d60ed.dll
Size

32KB
MD5

99a903637e01b660ce3e3efb4a9d60ed
SHA1

af79fdd39189f13fdb93a0b2c0c62eadbc3d3d30
SHA256

45a74ae18053c8350f0fe3d0c8d6fd6b394a221e8f035da45a97ab24d856c7f3
SHA512

84d5a09b69a8851a129bd25cb90d878eb70ee953ffdfb37bd515285f996bdab0bbc7659681fbd394a860c240b3d0f12493f1d2646b2d5256e54fee57285bd606
SSDEEP

768:4es22ZSkm4dWbDNU1Z7l9JG7Z1fcLIiOFR1T3UYVjDa:4es2US5Bby1Z7A7Z1f0WR1LUYVfa

Score

1^/10

Suspicious use of WriteProcessMemory 7 IoCs

description	pid	Process	procid_target
PID 1948 wrote to memory of 2060	1948	rundll32.exe	28
PID 1948 wrote to memory of 2060	1948	rundll32.exe	28
PID 1948 wrote to memory of 2060	1948	rundll32.exe	28
PID 1948 wrote to memory of 2060	1948	rundll32.exe	28
PID 1948 wrote to memory of 2060	1948	rundll32.exe	28
PID 1948 wrote to memory of 2060	1948	rundll32.exe	28
PID 1948 wrote to memory of 2060	1948	rundll32.exe	28

C:\Windows\system32\rundll32.exe
rundll32.exe C:\Users\Admin\AppData\Local\Temp\99a903637e01b660ce3e3efb4a9d60ed.dll,#1
1⤵
- Suspicious use of WriteProcessMemory
PID:1948
- C:\Windows\SysWOW64\rundll32.exe
  rundll32.exe C:\Users\Admin\AppData\Local\Temp\99a903637e01b660ce3e3efb4a9d60ed.dll,#1
  2⤵
  PID:2060