a2db093b1d7ca29eb295349c09ab751dc1f2ea8ad607fb6882cbb44a531a31a5

Analysis

max time kernel
119s
max time network
122s
platform
windows7_x64
resource
win7-20231215-en
resource tags

arch:x64arch:x86image:win7-20231215-enlocale:en-usos:windows7-x64system
submitted
14-02-2024 14:30

Target

9bec46a3c9184521cecbaf817f740462.dll
Size

90KB
MD5

9bec46a3c9184521cecbaf817f740462
SHA1

1e76e293fd61eb5416f22daabd38ac32c5795b24
SHA256

a2db093b1d7ca29eb295349c09ab751dc1f2ea8ad607fb6882cbb44a531a31a5
SHA512

5e03a49de9f096f36d1ca8f446befec0acdd7e580daa2a80729867758a9490f4989319b78fde2026babd3e7d59734de18aef93e247b206e87582b030ddbd80ee
SSDEEP

1536:nRrp+jo0QLIhckdIIRnMp189dn2RQuws0QPugdCZ2eIRVHYVHW+hbgf7r:nR2QKQVp16dnYQudugdt+Bo7r

Score

1^/10

Suspicious use of WriteProcessMemory 7 IoCs

description	pid	Process	procid_target
PID 2184 wrote to memory of 1044	2184	rundll32.exe	28
PID 2184 wrote to memory of 1044	2184	rundll32.exe	28
PID 2184 wrote to memory of 1044	2184	rundll32.exe	28
PID 2184 wrote to memory of 1044	2184	rundll32.exe	28
PID 2184 wrote to memory of 1044	2184	rundll32.exe	28
PID 2184 wrote to memory of 1044	2184	rundll32.exe	28
PID 2184 wrote to memory of 1044	2184	rundll32.exe	28

C:\Windows\system32\rundll32.exe
rundll32.exe C:\Users\Admin\AppData\Local\Temp\9bec46a3c9184521cecbaf817f740462.dll,#1
1⤵
- Suspicious use of WriteProcessMemory
PID:2184
- C:\Windows\SysWOW64\rundll32.exe
  rundll32.exe C:\Users\Admin\AppData\Local\Temp\9bec46a3c9184521cecbaf817f740462.dll,#1
  2⤵
  PID:1044

memory/1044-0-0x0000000010000000-0x0000000010019000-memory.dmp

Filesize
100KB

Download
memory/1044-1-0x0000000010000000-0x0000000010019000-memory.dmp

Filesize
100KB

Download