1311c6a703f50d945a54f86af25cc776d36c77a3fffdee3f4f816d7565d4176d

Analysis

max time kernel
120s
max time network
124s
platform
windows7_x64
resource
win7-20240221-en
resource tags

arch:x64arch:x86image:win7-20240221-enlocale:en-usos:windows7-x64system
submitted
05/03/2024, 05:39

Target

b3ed22ced5f46af953ca4ea76ad88aa1.dll
Size

840KB
MD5

b3ed22ced5f46af953ca4ea76ad88aa1
SHA1

c73079d450a73918477f85ae9f88d7e5c0e752f4
SHA256

1311c6a703f50d945a54f86af25cc776d36c77a3fffdee3f4f816d7565d4176d
SHA512

ebb3b76acc90722b03a097e2ea4a9dd4144f0e0ec65c5f85565321d096dc0f903b0785a5bf5148696c411c094833c97ef2ed0d3cdcd6c66f9371a0b396030260
SSDEEP

12288:0C1rDKmuBVgdrVLEwSKFFi87Ki15tJX25VUXQ4Mj/ju07ZlSLJtRs/yJ:0CFKBV2rV8K3i8OixXYUibu07Zlr2

Score

1^/10

Suspicious use of WriteProcessMemory 7 IoCs

description	pid	Process	procid_target
PID 2180 wrote to memory of 2340	2180	rundll32.exe	28
PID 2180 wrote to memory of 2340	2180	rundll32.exe	28
PID 2180 wrote to memory of 2340	2180	rundll32.exe	28
PID 2180 wrote to memory of 2340	2180	rundll32.exe	28
PID 2180 wrote to memory of 2340	2180	rundll32.exe	28
PID 2180 wrote to memory of 2340	2180	rundll32.exe	28
PID 2180 wrote to memory of 2340	2180	rundll32.exe	28

C:\Windows\system32\rundll32.exe
rundll32.exe C:\Users\Admin\AppData\Local\Temp\b3ed22ced5f46af953ca4ea76ad88aa1.dll,#1
1⤵
- Suspicious use of WriteProcessMemory
PID:2180
- C:\Windows\SysWOW64\rundll32.exe
  rundll32.exe C:\Users\Admin\AppData\Local\Temp\b3ed22ced5f46af953ca4ea76ad88aa1.dll,#1
  2⤵
  PID:2340