6ed68ecb7d085fc6da20b9ca8c5687e8e1d05e12379c94be37dee1f73809c34b

Analysis

max time kernel
117s
max time network
119s
platform
windows7_x64
resource
win7-20240221-en
resource tags

arch:x64arch:x86image:win7-20240221-enlocale:en-usos:windows7-x64system
submitted
28/02/2024, 21:03

Target

acd9a6e38902f9f3b06408b9ef3aa919.dll
Size

242KB
MD5

acd9a6e38902f9f3b06408b9ef3aa919
SHA1

2f8cd48d8527b7a6e5f3aacd1d235b2e3bc70212
SHA256

6ed68ecb7d085fc6da20b9ca8c5687e8e1d05e12379c94be37dee1f73809c34b
SHA512

081e6c7bf659b3a09b92261d87848f91167fbf8635a75a944cb3482af124854231088b7a5c6b01c65c5a9d65626d4aff6c0e95e236c95be575eefe2517b58d05
SSDEEP

3072:noyxvfGCX2tMY/jgAg2qvCPdrqnS2zT4sPLc9Uq1ul5hrc:noQfL6MAgjbT4uc97j

Score

1^/10

Suspicious use of WriteProcessMemory 7 IoCs

description	pid	Process	procid_target
PID 2356 wrote to memory of 2836	2356	rundll32.exe	28
PID 2356 wrote to memory of 2836	2356	rundll32.exe	28
PID 2356 wrote to memory of 2836	2356	rundll32.exe	28
PID 2356 wrote to memory of 2836	2356	rundll32.exe	28
PID 2356 wrote to memory of 2836	2356	rundll32.exe	28
PID 2356 wrote to memory of 2836	2356	rundll32.exe	28
PID 2356 wrote to memory of 2836	2356	rundll32.exe	28

C:\Windows\system32\rundll32.exe
rundll32.exe C:\Users\Admin\AppData\Local\Temp\acd9a6e38902f9f3b06408b9ef3aa919.dll,#1
1⤵
- Suspicious use of WriteProcessMemory
PID:2356
- C:\Windows\SysWOW64\rundll32.exe
  rundll32.exe C:\Users\Admin\AppData\Local\Temp\acd9a6e38902f9f3b06408b9ef3aa919.dll,#1
  2⤵
  PID:2836

memory/2836-0-0x0000000010000000-0x0000000010040000-memory.dmp

Filesize
256KB

Download