38b8f876be6c30f70348f1b5cec1263d3f28d29bad668136248fde1e7bf5da1f

Analysis

max time kernel
121s
max time network
124s
platform
windows7_x64
resource
win7-20231215-en
resource tags

arch:x64arch:x86image:win7-20231215-enlocale:en-usos:windows7-x64system
submitted
14/02/2024, 06:12

Target

9af6e72a68892d4fec0e2eade7f7da3e.dll
Size

82KB
MD5

9af6e72a68892d4fec0e2eade7f7da3e
SHA1

73edfae2b95f867584856189b1f58f937cff9daa
SHA256

38b8f876be6c30f70348f1b5cec1263d3f28d29bad668136248fde1e7bf5da1f
SHA512

25dcb462f32c0e1728578e972f7022b3eed34d8b499fa0a5e5d7472b036ec89105c145d5d5138b92d30ea1aa178c4dbbceb9f13ea47e7711ef2cbf22a38f7c4e
SSDEEP

1536:wzjl29TJKmjnmWeaEr7HGDhkID+95fPGtoUriLl/Pd:w3l2JJKmqWNEPaBDU5futpr0/Pd

Score

1^/10

Suspicious use of WriteProcessMemory 7 IoCs

description	pid	Process	procid_target
PID 2132 wrote to memory of 1568	2132	rundll32.exe	28
PID 2132 wrote to memory of 1568	2132	rundll32.exe	28
PID 2132 wrote to memory of 1568	2132	rundll32.exe	28
PID 2132 wrote to memory of 1568	2132	rundll32.exe	28
PID 2132 wrote to memory of 1568	2132	rundll32.exe	28
PID 2132 wrote to memory of 1568	2132	rundll32.exe	28
PID 2132 wrote to memory of 1568	2132	rundll32.exe	28

C:\Windows\system32\rundll32.exe
rundll32.exe C:\Users\Admin\AppData\Local\Temp\9af6e72a68892d4fec0e2eade7f7da3e.dll,#1
1⤵
- Suspicious use of WriteProcessMemory
PID:2132
- C:\Windows\SysWOW64\rundll32.exe
  rundll32.exe C:\Users\Admin\AppData\Local\Temp\9af6e72a68892d4fec0e2eade7f7da3e.dll,#1
  2⤵
  PID:1568

memory/1568-0-0x000000006D550000-0x000000006D568000-memory.dmp

Filesize
96KB

Download
memory/1568-1-0x000000006D550000-0x000000006D568000-memory.dmp

Filesize
96KB

Download