03dee4152c205a43387421dab4207d288737bc93b5b0890ef555e1daed7b33b0

Analysis

max time kernel
122s
max time network
123s
platform
windows7_x64
resource
win7-20231129-en
resource tags

arch:x64arch:x86image:win7-20231129-enlocale:en-usos:windows7-x64system
submitted
14-02-2024 10:38

Target

9b74d9d3a145dcd3298ce43fd1520100.dll
Size

152KB
MD5

9b74d9d3a145dcd3298ce43fd1520100
SHA1

f1ce1ce2559f577acf7ac8ae9759ee30d6e8f9a1
SHA256

03dee4152c205a43387421dab4207d288737bc93b5b0890ef555e1daed7b33b0
SHA512

d39cbf443d7da59457332c97e1a1d9dc4245d41c81c232e0899de2a257c22552efbc08118c653a92fdf1869c4846d6d4ace0d704cf975aabe409b295b0039425
SSDEEP

3072:KwUMNmAxJ3eVvX6dVKewhI2aY0GrUAXKP3K3I1sa4KxakPGjNqyXjHvdsD+:KiNJQvPewhAgKPK3cb4K7G5qyh

Score

1^/10

Suspicious use of WriteProcessMemory 7 IoCs

description	pid	Process	procid_target
PID 2124 wrote to memory of 2280	2124	rundll32.exe	25
PID 2124 wrote to memory of 2280	2124	rundll32.exe	25
PID 2124 wrote to memory of 2280	2124	rundll32.exe	25
PID 2124 wrote to memory of 2280	2124	rundll32.exe	25
PID 2124 wrote to memory of 2280	2124	rundll32.exe	25
PID 2124 wrote to memory of 2280	2124	rundll32.exe	25
PID 2124 wrote to memory of 2280	2124	rundll32.exe	25

C:\Windows\system32\rundll32.exe
rundll32.exe C:\Users\Admin\AppData\Local\Temp\9b74d9d3a145dcd3298ce43fd1520100.dll,#1
1⤵
- Suspicious use of WriteProcessMemory
PID:2124
- C:\Windows\SysWOW64\rundll32.exe
  rundll32.exe C:\Users\Admin\AppData\Local\Temp\9b74d9d3a145dcd3298ce43fd1520100.dll,#1
  2⤵
  PID:2280

memory/2280-1-0x0000000010000000-0x000000001003F000-memory.dmp

Filesize
252KB

Download
memory/2280-2-0x0000000010000000-0x000000001003F000-memory.dmp

Filesize
252KB

Download