e3e189c953ccb6f7140e66436f4f2799c99ae7f6928e4db134f7eed7091e16ed

Analysis

max time kernel
121s
max time network
122s
platform
windows7_x64
resource
win7-20240221-en
resource tags

arch:x64arch:x86image:win7-20240221-enlocale:en-usos:windows7-x64system
submitted
06-03-2024 14:17

Target

b79b9033afc3db8109bb0bd86abc7185.dll
Size

184KB
MD5

b79b9033afc3db8109bb0bd86abc7185
SHA1

b3089901c5e0f7089ab732aacd67ea22b46ff072
SHA256

e3e189c953ccb6f7140e66436f4f2799c99ae7f6928e4db134f7eed7091e16ed
SHA512

199191eddcc523ff185d1f7e7ca39fc7f3ac802697d0095f70a5b3574c927708c7a7b032199d531da1c7e91d8a110877d8e1a393266069507d1e7079a6ae8a2c
SSDEEP

3072:KEVDSrpqhHl78xVFhRxc4SXOSKw1m9Cv1Ig0Y2jgcoX/otaOde2:5VDS9qhF7exG4SXH1kCvGnDogtaYZ

Score

1^/10

Suspicious use of WriteProcessMemory 7 IoCs

description	pid	Process	procid_target
PID 2904 wrote to memory of 2212	2904	rundll32.exe	28
PID 2904 wrote to memory of 2212	2904	rundll32.exe	28
PID 2904 wrote to memory of 2212	2904	rundll32.exe	28
PID 2904 wrote to memory of 2212	2904	rundll32.exe	28
PID 2904 wrote to memory of 2212	2904	rundll32.exe	28
PID 2904 wrote to memory of 2212	2904	rundll32.exe	28
PID 2904 wrote to memory of 2212	2904	rundll32.exe	28

C:\Windows\system32\rundll32.exe
rundll32.exe C:\Users\Admin\AppData\Local\Temp\b79b9033afc3db8109bb0bd86abc7185.dll,#1
1⤵
- Suspicious use of WriteProcessMemory
PID:2904
- C:\Windows\SysWOW64\rundll32.exe
  rundll32.exe C:\Users\Admin\AppData\Local\Temp\b79b9033afc3db8109bb0bd86abc7185.dll,#1
  2⤵
  PID:2212