76b918c2381bcf640fd178c6adf290dd67be20861b7bac8c253fa87a34b09c9a

Resubmissions

17-02-2024 09:50

17-02-2024 09:20

max time kernel
117s
max time network
120s
platform
windows7_x64
resource
win7-20231215-en
resource tags

arch:x64arch:x86image:win7-20231215-enlocale:en-usos:windows7-x64system
submitted
17-02-2024 09:20

Target

primordialV2.dll
Size

732KB
MD5

24ba5715af200d9ecec893e8eda22488
SHA1

a137100bb81978775efbc6acce50d16662946970
SHA256

1a5ac5e4cd843bef11f81fb5c3b6789ea0d50cddb793da1fe18710916a236620
SHA512

639c123f11e2acdfe3d706ed8bb4f67c2fe8ff7677483842820c6d7c79eb579de1e42fa0a56a5fa19abcc37b9228b56b600f9bb4f2e521a498539f775890365b
SSDEEP

12288:MdC4wg9AEdFmCiv9u13TxuxtOgAVSt5UPP4o3Hf5lp9o0fjf7CGy+dptwE4nrX2N:MM4wg9FoOgAHdlpJd03Ooc8dHkC2e6Z

Score

1^/10

Suspicious use of WriteProcessMemory 7 IoCs

description	pid	Process	procid_target
PID 1280 wrote to memory of 2192	1280	rundll32.exe	28
PID 1280 wrote to memory of 2192	1280	rundll32.exe	28
PID 1280 wrote to memory of 2192	1280	rundll32.exe	28
PID 1280 wrote to memory of 2192	1280	rundll32.exe	28
PID 1280 wrote to memory of 2192	1280	rundll32.exe	28
PID 1280 wrote to memory of 2192	1280	rundll32.exe	28
PID 1280 wrote to memory of 2192	1280	rundll32.exe	28

C:\Windows\system32\rundll32.exe
rundll32.exe C:\Users\Admin\AppData\Local\Temp\primordialV2.dll,#1
1⤵
- Suspicious use of WriteProcessMemory
PID:1280
- C:\Windows\SysWOW64\rundll32.exe
  rundll32.exe C:\Users\Admin\AppData\Local\Temp\primordialV2.dll,#1
  2⤵
  PID:2192