108020b7df7284f2c28db8e46b626e0cbc8b47bb68b5fabb2b4d746c8d851437

Analysis

max time kernel
118s
max time network
122s
platform
windows7_x64
resource
win7-20240221-en
resource tags

arch:x64arch:x86image:win7-20240221-enlocale:en-usos:windows7-x64system
submitted
29/02/2024, 00:45

Target

ad44101f92b96e3e2039d54ace05a9c6.dll
Size

192KB
MD5

ad44101f92b96e3e2039d54ace05a9c6
SHA1

2abb7cd8321448f1c61a47fa2411ea9ce53a2fca
SHA256

108020b7df7284f2c28db8e46b626e0cbc8b47bb68b5fabb2b4d746c8d851437
SHA512

1c16d12a7ec3fb436a28d9e04b344a6616ec65840d8621098948f9c61a26da39136ca1df65e1e06b2a60b3908c7e3d142bcfd30eeebc698cc3b8920be19e0c1e
SSDEEP

3072:yNbpOnPsGqQTruHLD7RcQxKrrdNU0VAtrOpOOWxOv4Kn7qbjx7T/HrmF:yNbqaLD7RcukVAtSQOWcgWqbV77LmF

Score

1^/10

Suspicious use of WriteProcessMemory 7 IoCs

description	pid	Process	procid_target
PID 1220 wrote to memory of 2904	1220	rundll32.exe	28
PID 1220 wrote to memory of 2904	1220	rundll32.exe	28
PID 1220 wrote to memory of 2904	1220	rundll32.exe	28
PID 1220 wrote to memory of 2904	1220	rundll32.exe	28
PID 1220 wrote to memory of 2904	1220	rundll32.exe	28
PID 1220 wrote to memory of 2904	1220	rundll32.exe	28
PID 1220 wrote to memory of 2904	1220	rundll32.exe	28

C:\Windows\system32\rundll32.exe
rundll32.exe C:\Users\Admin\AppData\Local\Temp\ad44101f92b96e3e2039d54ace05a9c6.dll,#1
1⤵
- Suspicious use of WriteProcessMemory
PID:1220
- C:\Windows\SysWOW64\rundll32.exe
  rundll32.exe C:\Users\Admin\AppData\Local\Temp\ad44101f92b96e3e2039d54ace05a9c6.dll,#1
  2⤵
  PID:2904