6e514be0bc3a84601e3637c8b033dec262f8a00149ad8992920f5d8b6c336f60

Analysis

max time kernel
118s
max time network
130s
platform
windows7_x64
resource
win7-20240221-en
resource tags

arch:x64arch:x86image:win7-20240221-enlocale:en-usos:windows7-x64system
submitted
07-03-2024 12:29

Target

b8bb7c655b3820b0602e048a82e511a4.dll
Size

232KB
MD5

b8bb7c655b3820b0602e048a82e511a4
SHA1

2ba03d805e863e745adf415c320081f00b6af924
SHA256

6e514be0bc3a84601e3637c8b033dec262f8a00149ad8992920f5d8b6c336f60
SHA512

7a9ba5b2562edb2b4e4f1ca418020c3b809676982db6790d3a8391567aaf64c7c9a63a372b0c9906879b9e14717cec2add8c93adb1f525fbc55e7180f9a5e59a
SSDEEP

3072:3pR/j8Mui4vNaJZEVU67FC52k99geYK4W6mHHvv7VCirTcmS5AIg01+WpgXXDrcp:5ecdZElQ52klB4WLH7785dzVCaxNl8u5

Score

1^/10

Suspicious use of WriteProcessMemory 7 IoCs

description	pid	Process	procid_target
PID 3040 wrote to memory of 2688	3040	rundll32.exe	27
PID 3040 wrote to memory of 2688	3040	rundll32.exe	27
PID 3040 wrote to memory of 2688	3040	rundll32.exe	27
PID 3040 wrote to memory of 2688	3040	rundll32.exe	27
PID 3040 wrote to memory of 2688	3040	rundll32.exe	27
PID 3040 wrote to memory of 2688	3040	rundll32.exe	27
PID 3040 wrote to memory of 2688	3040	rundll32.exe	27

C:\Windows\system32\rundll32.exe
rundll32.exe C:\Users\Admin\AppData\Local\Temp\b8bb7c655b3820b0602e048a82e511a4.dll,#1
1⤵
- Suspicious use of WriteProcessMemory
PID:3040
- C:\Windows\SysWOW64\rundll32.exe
  rundll32.exe C:\Users\Admin\AppData\Local\Temp\b8bb7c655b3820b0602e048a82e511a4.dll,#1
  2⤵
  PID:2688