5aa317d3682ff127e1e92d2016c08f94be60937a1b8a210876d931d072386336

Analysis

max time kernel
120s
max time network
124s
platform
windows7_x64
resource
win7-20240221-en
resource tags

arch:x64arch:x86image:win7-20240221-enlocale:en-usos:windows7-x64system
submitted
29-02-2024 05:27

Target

Job Interview/UpdateRingSettings.dll
Size

377KB
MD5

9f950504d5ea22c6f1ee20f7c2ed3b7b
SHA1

5090de783322847e6395567e7449fc4200b054a5
SHA256

37253093d3c8ed1d56b3a50f31f8944888ff38b714097637c5372a0ad19c337b
SHA512

ae80c7778304140d4476d42f6ef4439c61c2ec4ff42958007b93418a53908fb516544c57e1db99b7a6d79ae501f49c46f6636d8f967b033e744feb33879e0734
SSDEEP

6144:NUlY4DS+edXqQE0jrJdi2Jnrly7IhPdZGVTQHtjM+jlxmFdNwtRx5Kg3jcCE++Jv:NU64s6QPrzi85tdX+ExMwtjcwOcS

Score

1^/10

Suspicious use of WriteProcessMemory 7 IoCs

Processes:

rundll32.exe

description	pid	process	target process
PID 1848 wrote to memory of 1984	1848	rundll32.exe	rundll32.exe
PID 1848 wrote to memory of 1984	1848	rundll32.exe	rundll32.exe
PID 1848 wrote to memory of 1984	1848	rundll32.exe	rundll32.exe
PID 1848 wrote to memory of 1984	1848	rundll32.exe	rundll32.exe
PID 1848 wrote to memory of 1984	1848	rundll32.exe	rundll32.exe
PID 1848 wrote to memory of 1984	1848	rundll32.exe	rundll32.exe
PID 1848 wrote to memory of 1984	1848	rundll32.exe	rundll32.exe

C:\Windows\system32\rundll32.exe
rundll32.exe "C:\Users\Admin\AppData\Local\Temp\Job Interview\UpdateRingSettings.dll",#1
1⤵
- Suspicious use of WriteProcessMemory
PID:1848

C:\Windows\SysWOW64\rundll32.exe
rundll32.exe "C:\Users\Admin\AppData\Local\Temp\Job Interview\UpdateRingSettings.dll",#1
2⤵
PID:1984