f3cb59b73f6c3b56ae299bb08e8b715245d8fbdeb5809024c8606f84a8fd08be

Analysis

max time kernel
122s
max time network
127s
platform
windows7_x64
resource
win7-20240221-en
resource tags

arch:x64arch:x86image:win7-20240221-enlocale:en-usos:windows7-x64system
submitted
07/03/2024, 11:29

Target

b8a171281061a6de35532db66dc7ef72.dll
Size

29KB
MD5

b8a171281061a6de35532db66dc7ef72
SHA1

daae84f1e6980049e29ec357001e733b3a0ac431
SHA256

f3cb59b73f6c3b56ae299bb08e8b715245d8fbdeb5809024c8606f84a8fd08be
SHA512

69d5f95bca4565e576755c122ece8aa6538d3d633309fbba6bf95e0151a7d3cd891967f4b9f5a4d29698f9a0479f27913002632eabfabf4115e099df611dc9d9
SSDEEP

768:u861gfM1/i1sm07+EKS1duURwT/MRvs0yzMj:LOgU16s31AURwT4szzM

Score

1^/10

Suspicious use of WriteProcessMemory 7 IoCs

description	pid	Process	procid_target
PID 2860 wrote to memory of 2912	2860	rundll32.exe	28
PID 2860 wrote to memory of 2912	2860	rundll32.exe	28
PID 2860 wrote to memory of 2912	2860	rundll32.exe	28
PID 2860 wrote to memory of 2912	2860	rundll32.exe	28
PID 2860 wrote to memory of 2912	2860	rundll32.exe	28
PID 2860 wrote to memory of 2912	2860	rundll32.exe	28
PID 2860 wrote to memory of 2912	2860	rundll32.exe	28

C:\Windows\system32\rundll32.exe
rundll32.exe C:\Users\Admin\AppData\Local\Temp\b8a171281061a6de35532db66dc7ef72.dll,#1
1⤵
- Suspicious use of WriteProcessMemory
PID:2860
- C:\Windows\SysWOW64\rundll32.exe
  rundll32.exe C:\Users\Admin\AppData\Local\Temp\b8a171281061a6de35532db66dc7ef72.dll,#1
  2⤵
  PID:2912

memory/2912-0-0x00000000752A0000-0x00000000752B3000-memory.dmp

Filesize
76KB

Download
memory/2912-1-0x0000000075290000-0x00000000752A3000-memory.dmp

Filesize
76KB

Download
memory/2912-2-0x00000000752A0000-0x00000000752B3000-memory.dmp

Filesize
76KB

Download
memory/2912-4-0x0000000077B40000-0x0000000077B41000-memory.dmp

Filesize
4KB

Download
memory/2912-3-0x0000000000170000-0x0000000000171000-memory.dmp

Filesize
4KB

Download
memory/2912-5-0x0000000077B3F000-0x0000000077B40000-memory.dmp

Filesize
4KB

Download
memory/2912-6-0x0000000000260000-0x0000000000261000-memory.dmp

Filesize
4KB

Download
memory/2912-8-0x0000000075280000-0x0000000075293000-memory.dmp

Filesize
76KB

Download
memory/2912-9-0x0000000077B40000-0x0000000077B41000-memory.dmp

Filesize
4KB

Download
memory/2912-7-0x0000000000410000-0x000000000041E000-memory.dmp

Filesize
56KB

Download