84b2e9aa31e553a5a49059a16beb214d2ecf46a2dcee98635830b67fc2672a26

Analysis

max time kernel
117s
max time network
123s
platform
windows7_x64
resource
win7-20231215-en
resource tags

arch:x64arch:x86image:win7-20231215-enlocale:en-usos:windows7-x64system
submitted
21/02/2024, 16:48

Target

84b2e9aa31e553a5a49059a16beb214d2ecf46a2dcee98635830b67fc2672a26.dll
Size

332KB
MD5

4d89a59dbf7e6fe093c7036e9df50703
SHA1

95a91c2d5dc4aa35e9034d39d8e17ad5e3054ec7
SHA256

84b2e9aa31e553a5a49059a16beb214d2ecf46a2dcee98635830b67fc2672a26
SHA512

a9efadcac929afdcf24b3b4245efd569802feac8b420961804d73009d1f87dcc1a6c053c5823af662d4e8728ff29493f82f72a8163e29bfd838c80fbf40f0479
SSDEEP

3072:g6CBHTDTLPSQ+L7+KtQzk1y88Ery56IK6IiyKqm9U4u/0Nq3eitxs1MLTBAbRmLN:g6C5T7SzlQEydqm9U4u/0NegUCn1

Score

1^/10

Suspicious use of WriteProcessMemory 7 IoCs

description	pid	Process	procid_target
PID 2392 wrote to memory of 2276	2392	rundll32.exe	28
PID 2392 wrote to memory of 2276	2392	rundll32.exe	28
PID 2392 wrote to memory of 2276	2392	rundll32.exe	28
PID 2392 wrote to memory of 2276	2392	rundll32.exe	28
PID 2392 wrote to memory of 2276	2392	rundll32.exe	28
PID 2392 wrote to memory of 2276	2392	rundll32.exe	28
PID 2392 wrote to memory of 2276	2392	rundll32.exe	28

C:\Windows\system32\rundll32.exe
rundll32.exe C:\Users\Admin\AppData\Local\Temp\84b2e9aa31e553a5a49059a16beb214d2ecf46a2dcee98635830b67fc2672a26.dll,#1
1⤵
- Suspicious use of WriteProcessMemory
PID:2392
- C:\Windows\SysWOW64\rundll32.exe
  rundll32.exe C:\Users\Admin\AppData\Local\Temp\84b2e9aa31e553a5a49059a16beb214d2ecf46a2dcee98635830b67fc2672a26.dll,#1
  2⤵
  PID:2276

memory/2276-0-0x0000000000160000-0x00000000001B8000-memory.dmp

Filesize
352KB

Download