ead54ebee9675b57479030332de2bc18e4a54da2f125dd9dab2b3528e67428fe

Analysis

max time kernel
143s
max time network
124s
platform
windows7_x64
resource
win7-20231215-en
resource tags

arch:x64arch:x86image:win7-20231215-enlocale:en-usos:windows7-x64system
submitted
14/02/2024, 06:15

Target

9af877018b03845b5092349eccadfb81.dll
Size

159KB
MD5

9af877018b03845b5092349eccadfb81
SHA1

ecb82875d0fd15cdc9d65750305d569ff789fb15
SHA256

ead54ebee9675b57479030332de2bc18e4a54da2f125dd9dab2b3528e67428fe
SHA512

db0ece21d296d89d337f53f39d5cf47f7fa7ff7061ed0f517a91bd0b0fd953325e375f8a651aee02cb7e5f00e75e85e4b19b2257348485634f8f29bfa69925d3
SSDEEP

3072:toQDs0eyO2n5S/vy+qawEj2YtvixPhdjJLuf7WIhpzi2:GqHQ/vfRjJix/d6fBi2

Score

1^/10

Suspicious use of WriteProcessMemory 7 IoCs

description	pid	Process	procid_target
PID 1632 wrote to memory of 2544	1632	rundll32.exe	28
PID 1632 wrote to memory of 2544	1632	rundll32.exe	28
PID 1632 wrote to memory of 2544	1632	rundll32.exe	28
PID 1632 wrote to memory of 2544	1632	rundll32.exe	28
PID 1632 wrote to memory of 2544	1632	rundll32.exe	28
PID 1632 wrote to memory of 2544	1632	rundll32.exe	28
PID 1632 wrote to memory of 2544	1632	rundll32.exe	28

C:\Windows\system32\rundll32.exe
rundll32.exe C:\Users\Admin\AppData\Local\Temp\9af877018b03845b5092349eccadfb81.dll,#1
1⤵
- Suspicious use of WriteProcessMemory
PID:1632
- C:\Windows\SysWOW64\rundll32.exe
  rundll32.exe C:\Users\Admin\AppData\Local\Temp\9af877018b03845b5092349eccadfb81.dll,#1
  2⤵
  PID:2544

memory/2544-0-0x0000000000400000-0x0000000000441000-memory.dmp

Filesize
260KB

Download
memory/2544-1-0x0000000000400000-0x0000000000441000-memory.dmp

Filesize
260KB

Download
memory/2544-2-0x0000000000160000-0x00000000001A1000-memory.dmp

Filesize
260KB

Download
memory/2544-3-0x0000000000400000-0x0000000000441000-memory.dmp

Filesize
260KB

Download
memory/2544-6-0x0000000000160000-0x00000000001A1000-memory.dmp

Filesize
260KB

Download