35f27c9e5a6bf11a8454b2eefdcad2b9bd129ffd196446110c67dfad7802a055

Analysis

max time kernel
121s
max time network
136s
platform
windows7_x64
resource
win7-20231215-en
resource tags

arch:x64arch:x86image:win7-20231215-enlocale:en-usos:windows7-x64system
submitted
14-02-2024 01:25

Target

9a6b40e3257b847cdfed07a424b09847.dll
Size

89KB
MD5

9a6b40e3257b847cdfed07a424b09847
SHA1

a5060db95e843fc58bfc4d192705f2538fa3a24f
SHA256

35f27c9e5a6bf11a8454b2eefdcad2b9bd129ffd196446110c67dfad7802a055
SHA512

7e596eabeef470bf7056be98b29bb27fd66293887abe39ff9295aa1e64af69bd18cbe34f8e9926f0618eed536e41e95ad2163e5848eb5cb92964d30960c796b6
SSDEEP

1536:y2AR9Rnlrbru7EumGdkxIiRdvRxuhNMevHiacvelF3FSJJlwh7S:7A/RlXrHuNe9RJruPQaOej3FlG

Score

1^/10

Suspicious use of WriteProcessMemory 7 IoCs

description	pid	Process	procid_target
PID 2124 wrote to memory of 2076	2124	rundll32.exe	28
PID 2124 wrote to memory of 2076	2124	rundll32.exe	28
PID 2124 wrote to memory of 2076	2124	rundll32.exe	28
PID 2124 wrote to memory of 2076	2124	rundll32.exe	28
PID 2124 wrote to memory of 2076	2124	rundll32.exe	28
PID 2124 wrote to memory of 2076	2124	rundll32.exe	28
PID 2124 wrote to memory of 2076	2124	rundll32.exe	28

C:\Windows\system32\rundll32.exe
rundll32.exe C:\Users\Admin\AppData\Local\Temp\9a6b40e3257b847cdfed07a424b09847.dll,#1
1⤵
- Suspicious use of WriteProcessMemory
PID:2124
- C:\Windows\SysWOW64\rundll32.exe
  rundll32.exe C:\Users\Admin\AppData\Local\Temp\9a6b40e3257b847cdfed07a424b09847.dll,#1
  2⤵
  PID:2076

memory/2076-0-0x0000000010000000-0x000000001002E000-memory.dmp

Filesize
184KB

Download
memory/2076-1-0x0000000010000000-0x000000001002E000-memory.dmp

Filesize
184KB

Download
memory/2076-2-0x0000000010000000-0x000000001002E000-memory.dmp

Filesize
184KB

Download
memory/2076-3-0x0000000010000000-0x000000001002E000-memory.dmp

Filesize
184KB

Download