04b00b795b2d0b8253f20450a6acddf4589b41b16d327ce9257ec794737f1e56

Analysis

max time kernel
120s
max time network
132s
platform
windows7_x64
resource
win7-20231215-en
resource tags

arch:x64arch:x86image:win7-20231215-enlocale:en-usos:windows7-x64system
submitted
21/02/2024, 16:49

Target

04b00b795b2d0b8253f20450a6acddf4589b41b16d327ce9257ec794737f1e56.dll
Size

643KB
MD5

6e1ef8529a1330fbae3967965cf66507
SHA1

ddf329720b2569667dcbfa209dbfb0fb57a97103
SHA256

04b00b795b2d0b8253f20450a6acddf4589b41b16d327ce9257ec794737f1e56
SHA512

0f3641017b567fa71918a14741336dfef069e5d2ebf813edb871a823a845ad8b76b200fcf8dd4b032f4512cdae110b64e99d3ec224e17950f98c9d8517ead004
SSDEEP

6144:fguPj8VAfRUaZ75LpiUNVToEiHPsmBaBSxj1DGtR+ziEbP+D9/b0NFP6iL3ExOxh:fg8j8WUWB8Ns+ZKwiMPoE3EEL1

Score

1^/10

Suspicious use of WriteProcessMemory 7 IoCs

description	pid	Process	procid_target
PID 2188 wrote to memory of 2652	2188	rundll32.exe	27
PID 2188 wrote to memory of 2652	2188	rundll32.exe	27
PID 2188 wrote to memory of 2652	2188	rundll32.exe	27
PID 2188 wrote to memory of 2652	2188	rundll32.exe	27
PID 2188 wrote to memory of 2652	2188	rundll32.exe	27
PID 2188 wrote to memory of 2652	2188	rundll32.exe	27
PID 2188 wrote to memory of 2652	2188	rundll32.exe	27

C:\Windows\system32\rundll32.exe
rundll32.exe C:\Users\Admin\AppData\Local\Temp\04b00b795b2d0b8253f20450a6acddf4589b41b16d327ce9257ec794737f1e56.dll,#1
1⤵
- Suspicious use of WriteProcessMemory
PID:2188
- C:\Windows\SysWOW64\rundll32.exe
  rundll32.exe C:\Users\Admin\AppData\Local\Temp\04b00b795b2d0b8253f20450a6acddf4589b41b16d327ce9257ec794737f1e56.dll,#1
  2⤵
  PID:2652

memory/2652-0-0x0000000000830000-0x00000000008D7000-memory.dmp

Filesize
668KB

Download