942f95d4beb77bd3b0ded67f8f8bd0d650302bb26252d5b910681ebe1b5fa27b

Analysis

max time kernel
119s
max time network
127s
platform
windows7_x64
resource
win7-20240221-en
resource tags

arch:x64arch:x86image:win7-20240221-enlocale:en-usos:windows7-x64system
submitted
08-03-2024 03:17

Target

ba60fc29028b9660be6d12d66f76857b.dll
Size

364KB
MD5

ba60fc29028b9660be6d12d66f76857b
SHA1

9684abce08d985751f05b7346f1f5e6e92602bfe
SHA256

942f95d4beb77bd3b0ded67f8f8bd0d650302bb26252d5b910681ebe1b5fa27b
SHA512

36675eec749f6e6dbd837827dd2bec0ac4843309cb2320a070eee3135cffac6f41bd80710f1fb6c710a2eef1e3244a6644851593a99b6dcf531caf03d80842cd
SSDEEP

6144:RTENYaV9XoE9pHCfj/xjlrNyTmDrZ+6IgsCm7esha2T64C8bq6qI8d6xZ52zkJfi:MYkHuT0Ty1+6MgQT64C5d0Z52AJfGoE9

Score

1^/10

Suspicious use of WriteProcessMemory 7 IoCs

description	pid	Process	procid_target
PID 2172 wrote to memory of 2192	2172	rundll32.exe	28
PID 2172 wrote to memory of 2192	2172	rundll32.exe	28
PID 2172 wrote to memory of 2192	2172	rundll32.exe	28
PID 2172 wrote to memory of 2192	2172	rundll32.exe	28
PID 2172 wrote to memory of 2192	2172	rundll32.exe	28
PID 2172 wrote to memory of 2192	2172	rundll32.exe	28
PID 2172 wrote to memory of 2192	2172	rundll32.exe	28

C:\Windows\system32\rundll32.exe
rundll32.exe C:\Users\Admin\AppData\Local\Temp\ba60fc29028b9660be6d12d66f76857b.dll,#1
1⤵
- Suspicious use of WriteProcessMemory
PID:2172
- C:\Windows\SysWOW64\rundll32.exe
  rundll32.exe C:\Users\Admin\AppData\Local\Temp\ba60fc29028b9660be6d12d66f76857b.dll,#1
  2⤵
  PID:2192

memory/2192-0-0x00000000020C0000-0x00000000025D3000-memory.dmp

Filesize
5.1MB

Download