6a53c6f3b2c93766c0ad7a13f6e86927c5c157aa4ab73210ad1821fa62d17d9b

Analysis

max time kernel
120s
max time network
125s
platform
windows7_x64
resource
win7-20231215-en
resource tags

arch:x64arch:x86image:win7-20231215-enlocale:en-usos:windows7-x64system
submitted
14/02/2024, 13:55

Target

9bd9b3094adcd7ebc952b7ed6d3790d9.dll
Size

24KB
MD5

9bd9b3094adcd7ebc952b7ed6d3790d9
SHA1

9c82188cc89022ad7238afd2f5607df08577f2de
SHA256

6a53c6f3b2c93766c0ad7a13f6e86927c5c157aa4ab73210ad1821fa62d17d9b
SHA512

c7c4873f13e909db813ab055bd977ec1b2d8ad77a2a56698ee6c8cf0b521970e5b534953658266e28ffc92113df78b3222941f9bb85609c55fb0c2c392380249
SSDEEP

192:j5uHEpg1qsAd0omPzoCq2s/4EowjEZNjBhmZiZjQC8zpct5U11/8g:jdkq6omPzK7noqEZNjBDF8zpct5O

Score

1^/10

Suspicious use of WriteProcessMemory 7 IoCs

description	pid	Process	procid_target
PID 2456 wrote to memory of 1724	2456	rundll32.exe	28
PID 2456 wrote to memory of 1724	2456	rundll32.exe	28
PID 2456 wrote to memory of 1724	2456	rundll32.exe	28
PID 2456 wrote to memory of 1724	2456	rundll32.exe	28
PID 2456 wrote to memory of 1724	2456	rundll32.exe	28
PID 2456 wrote to memory of 1724	2456	rundll32.exe	28
PID 2456 wrote to memory of 1724	2456	rundll32.exe	28

C:\Windows\system32\rundll32.exe
rundll32.exe C:\Users\Admin\AppData\Local\Temp\9bd9b3094adcd7ebc952b7ed6d3790d9.dll,#1
1⤵
- Suspicious use of WriteProcessMemory
PID:2456
- C:\Windows\SysWOW64\rundll32.exe
  rundll32.exe C:\Users\Admin\AppData\Local\Temp\9bd9b3094adcd7ebc952b7ed6d3790d9.dll,#1
  2⤵
  PID:1724