2b532ba88ef97140250a0bd5a9f2a16185390103dfe414f97cf855176d7175c4

Analysis

max time kernel
122s
max time network
126s
platform
windows7_x64
resource
win7-20240221-en
resource tags

arch:x64arch:x86image:win7-20240221-enlocale:en-usos:windows7-x64system
submitted
28/02/2024, 23:33

Target

ad2387bad62e4fd1fc7ac9bbf1a1a802.dll
Size

42KB
MD5

ad2387bad62e4fd1fc7ac9bbf1a1a802
SHA1

2ac735a23a16d7bd03521bb821ac644688586263
SHA256

2b532ba88ef97140250a0bd5a9f2a16185390103dfe414f97cf855176d7175c4
SHA512

91685b912592b54a76f32b414f91a4fe4b6a40ef82c02d5befe42636296825dc5b1bb65237a8cb98d25b6b8988e9029e56d9920b50c19a66e758bbf644272d45
SSDEEP

768:Vv+5qD1szHOhbZRTNjFLwfkIy9rJabCuTF9MJRh8KQtN:s5qD1sD2T7XIgYfMJRdQ

Score

1^/10

Suspicious use of WriteProcessMemory 7 IoCs

description	pid	Process	procid_target
PID 1280 wrote to memory of 3036	1280	rundll32.exe	28
PID 1280 wrote to memory of 3036	1280	rundll32.exe	28
PID 1280 wrote to memory of 3036	1280	rundll32.exe	28
PID 1280 wrote to memory of 3036	1280	rundll32.exe	28
PID 1280 wrote to memory of 3036	1280	rundll32.exe	28
PID 1280 wrote to memory of 3036	1280	rundll32.exe	28
PID 1280 wrote to memory of 3036	1280	rundll32.exe	28

C:\Windows\system32\rundll32.exe
rundll32.exe C:\Users\Admin\AppData\Local\Temp\ad2387bad62e4fd1fc7ac9bbf1a1a802.dll,#1
1⤵
- Suspicious use of WriteProcessMemory
PID:1280
- C:\Windows\SysWOW64\rundll32.exe
  rundll32.exe C:\Users\Admin\AppData\Local\Temp\ad2387bad62e4fd1fc7ac9bbf1a1a802.dll,#1
  2⤵
  PID:3036

memory/3036-0-0x0000000000140000-0x0000000000154000-memory.dmp

Filesize
80KB

Download
memory/3036-1-0x0000000000140000-0x0000000000154000-memory.dmp

Filesize
80KB

Download