a4e0d18aeb50467c9b5c26353feaa838447d21a0f617b41af87dbe627229d4b7

Analysis

max time kernel
117s
max time network
122s
platform
windows7_x64
resource
win7-20240221-en
resource tags

arch:x64arch:x86image:win7-20240221-enlocale:en-usos:windows7-x64system
submitted
24-02-2024 06:43

Target

a13438d0e9ae304c3f2dc42ed93b5a60.dll
Size

97KB
MD5

a13438d0e9ae304c3f2dc42ed93b5a60
SHA1

bff0e0288f72f887eae92b955ca7ccd8dd2a740d
SHA256

a4e0d18aeb50467c9b5c26353feaa838447d21a0f617b41af87dbe627229d4b7
SHA512

d4d8a5873a8b36a5a3a350f1eb499deb4db2ee4b91375528e56313c944bc4ad4a2c710e785ff67e6d7a0a4fe7dfbe496813ea30cb36bcb317314d215f5e0122d
SSDEEP

1536:eRyZOO1ZenJBn6dFWNgeHn+p6pk5NtxlGvSFLXJOhZ/C+upF0I3Z20mL:epO1Ze8FaHg6pCNblGSFL5OH/TuA0mL

Score

1^/10

Suspicious use of WriteProcessMemory 7 IoCs

description	pid	Process	procid_target
PID 1712 wrote to memory of 2680	1712	rundll32.exe	28
PID 1712 wrote to memory of 2680	1712	rundll32.exe	28
PID 1712 wrote to memory of 2680	1712	rundll32.exe	28
PID 1712 wrote to memory of 2680	1712	rundll32.exe	28
PID 1712 wrote to memory of 2680	1712	rundll32.exe	28
PID 1712 wrote to memory of 2680	1712	rundll32.exe	28
PID 1712 wrote to memory of 2680	1712	rundll32.exe	28

C:\Windows\system32\rundll32.exe
rundll32.exe C:\Users\Admin\AppData\Local\Temp\a13438d0e9ae304c3f2dc42ed93b5a60.dll,#1
1⤵
- Suspicious use of WriteProcessMemory
PID:1712
- C:\Windows\SysWOW64\rundll32.exe
  rundll32.exe C:\Users\Admin\AppData\Local\Temp\a13438d0e9ae304c3f2dc42ed93b5a60.dll,#1
  2⤵
  PID:2680

memory/2680-0-0x0000000010000000-0x000000001002C000-memory.dmp

Filesize
176KB

Download
memory/2680-1-0x0000000010000000-0x000000001002C000-memory.dmp

Filesize
176KB

Download
memory/2680-2-0x0000000010000000-0x000000001002C000-memory.dmp

Filesize
176KB

Download