e5f409b35c4b301535912cd8681b0e3c53118ddf14f03f77800445df86b01e36

Analysis

max time kernel
121s
max time network
122s
platform
windows7_x64
resource
win7-20240221-en
resource tags

arch:x64arch:x86image:win7-20240221-enlocale:en-usos:windows7-x64system
submitted
06/03/2024, 07:04

Target

b6ce1dd97fe6351b291748a57a9dc80a.dll
Size

64KB
MD5

b6ce1dd97fe6351b291748a57a9dc80a
SHA1

75186b2b37bc7fced25e820bcffaf4ccb688ae79
SHA256

e5f409b35c4b301535912cd8681b0e3c53118ddf14f03f77800445df86b01e36
SHA512

5f7c14b1e8cb3d6394be993e6ff5c2f1035f150f6914234ef7c3eb3a930e637dd7e0d2192e7d1d9105511ceac6cbbe43838d19b834437ab2d6e9f24091bbe046
SSDEEP

768:FHLEjXqOcy48wA+LkoqW8lyTxkw9U2p26wbzC5sdxMjiB9UQgwWHiGOs3qb:FWaC+Ltq1lyTCM8nzN4los6b

Score

1^/10

Suspicious use of WriteProcessMemory 7 IoCs

description	pid	Process	procid_target
PID 2728 wrote to memory of 2180	2728	rundll32.exe	28
PID 2728 wrote to memory of 2180	2728	rundll32.exe	28
PID 2728 wrote to memory of 2180	2728	rundll32.exe	28
PID 2728 wrote to memory of 2180	2728	rundll32.exe	28
PID 2728 wrote to memory of 2180	2728	rundll32.exe	28
PID 2728 wrote to memory of 2180	2728	rundll32.exe	28
PID 2728 wrote to memory of 2180	2728	rundll32.exe	28

C:\Windows\system32\rundll32.exe
rundll32.exe C:\Users\Admin\AppData\Local\Temp\b6ce1dd97fe6351b291748a57a9dc80a.dll,#1
1⤵
- Suspicious use of WriteProcessMemory
PID:2728
- C:\Windows\SysWOW64\rundll32.exe
  rundll32.exe C:\Users\Admin\AppData\Local\Temp\b6ce1dd97fe6351b291748a57a9dc80a.dll,#1
  2⤵
  PID:2180