5afb39ef06f3da17f169c87fa7c629fd14bd838fa6b08683cbee5444fddda601

Analysis

max time kernel
117s
max time network
121s
platform
windows7_x64
resource
win7-20240221-en
resource tags

arch:x64arch:x86image:win7-20240221-enlocale:en-usos:windows7-x64system
submitted
21-02-2024 16:36

Target

5afb39ef06f3da17f169c87fa7c629fd14bd838fa6b08683cbee5444fddda601.dll
Size

613KB
MD5

b99b7341c32116b5d6332b89adaa4614
SHA1

96dd3131909163819186772e9ded05a9b8331d4e
SHA256

5afb39ef06f3da17f169c87fa7c629fd14bd838fa6b08683cbee5444fddda601
SHA512

f491fb5ec1207856a02fc53500a288137c9bccc0d4d948a8fdb485739d3acb3dfd7bab4ededa21e8b84d22cdb49be94f7106f32fab680ebf218a6a81a4b9a5f6
SSDEEP

6144:dBqrw1HNeQdmM9XNKZOOXSpmwlLESlrN25pyfnzxt4eLTECwGceibUNv/DjB8P+q:zommxZtonlrffnzxtbTjwGcej3Bhq

Score

1^/10

Suspicious use of WriteProcessMemory 7 IoCs

description	pid	Process	procid_target
PID 1524 wrote to memory of 2024	1524	rundll32.exe	22
PID 1524 wrote to memory of 2024	1524	rundll32.exe	22
PID 1524 wrote to memory of 2024	1524	rundll32.exe	22
PID 1524 wrote to memory of 2024	1524	rundll32.exe	22
PID 1524 wrote to memory of 2024	1524	rundll32.exe	22
PID 1524 wrote to memory of 2024	1524	rundll32.exe	22
PID 1524 wrote to memory of 2024	1524	rundll32.exe	22

C:\Windows\system32\rundll32.exe
rundll32.exe C:\Users\Admin\AppData\Local\Temp\5afb39ef06f3da17f169c87fa7c629fd14bd838fa6b08683cbee5444fddda601.dll,#1
1⤵
- Suspicious use of WriteProcessMemory
PID:1524
- C:\Windows\SysWOW64\rundll32.exe
  rundll32.exe C:\Users\Admin\AppData\Local\Temp\5afb39ef06f3da17f169c87fa7c629fd14bd838fa6b08683cbee5444fddda601.dll,#1
  2⤵
  PID:2024

memory/2024-0-0x00000000002A0000-0x000000000033F000-memory.dmp

Filesize
636KB

Download