3e13e6eb755a97454a993f6f875e6df7eecf3e110fee119464eddc7ade2b079d

Analysis

max time kernel
120s
max time network
123s
platform
windows7_x64
resource
win7-20231215-en
resource tags

arch:x64arch:x86image:win7-20231215-enlocale:en-usos:windows7-x64system
submitted
14/02/2024, 13:35

Target

9bd002581e04be3062c4a3145b36f4d5.dll
Size

55KB
MD5

9bd002581e04be3062c4a3145b36f4d5
SHA1

ad2b7f2c85d997e5dadecdbf4d6679d2961acbff
SHA256

3e13e6eb755a97454a993f6f875e6df7eecf3e110fee119464eddc7ade2b079d
SHA512

13e6bbf8e7d293d73d616ac806d3cfe3ff69bb243da30e10242998db55078ada7f757d4ec6346dc5dc2e73a936bd9defaff453e9e7fbfff06eb41f068f74a5e4
SSDEEP

768:1zExMf4sJGHw2jnD0qgyjJOgV1qrFWF3F8BPCsGWzWtBlHUzV+Wuy6LcgCYlV1rW:1zExMwCGQ2jo3yjF1TFMdGeWJoUukW

Score

1^/10

Suspicious use of WriteProcessMemory 7 IoCs

description	pid	Process	procid_target
PID 2228 wrote to memory of 2256	2228	rundll32.exe	28
PID 2228 wrote to memory of 2256	2228	rundll32.exe	28
PID 2228 wrote to memory of 2256	2228	rundll32.exe	28
PID 2228 wrote to memory of 2256	2228	rundll32.exe	28
PID 2228 wrote to memory of 2256	2228	rundll32.exe	28
PID 2228 wrote to memory of 2256	2228	rundll32.exe	28
PID 2228 wrote to memory of 2256	2228	rundll32.exe	28

C:\Windows\system32\rundll32.exe
rundll32.exe C:\Users\Admin\AppData\Local\Temp\9bd002581e04be3062c4a3145b36f4d5.dll,#1
1⤵
- Suspicious use of WriteProcessMemory
PID:2228
- C:\Windows\SysWOW64\rundll32.exe
  rundll32.exe C:\Users\Admin\AppData\Local\Temp\9bd002581e04be3062c4a3145b36f4d5.dll,#1
  2⤵
  PID:2256

memory/2256-0-0x0000000010000000-0x000000001000E000-memory.dmp

Filesize
56KB

Download