729f3b57b327bf72e25a6caf13cbfbeeda92cb34a463ea02fec2112a3fdbcb58

Analysis

max time kernel
118s
max time network
121s
platform
windows7_x64
resource
win7-20240221-en
resource tags

arch:x64arch:x86image:win7-20240221-enlocale:en-usos:windows7-x64system
submitted
09/03/2024, 14:22

Target

bc06f48e9f710024cbdab61ad516bbda.dll
Size

690KB
MD5

bc06f48e9f710024cbdab61ad516bbda
SHA1

e0c75514a6f1675b6a55cb4b2711283ba09ad763
SHA256

729f3b57b327bf72e25a6caf13cbfbeeda92cb34a463ea02fec2112a3fdbcb58
SHA512

a644a02d0d5ed4ae55a5bfe772001066f33683e7868e03eedc4fc3944bdb773d9be05ca47aa38314b456c78e8725ebecb24e93dd8603c6de7689ff3c3c00274b
SSDEEP

12288:1V12dCZ2Vqwjqy/S0zsJoX7zGhT7LVsViYCjb3uu21NQ8JJlj:1X2EoVqKl5yoX7KhzWSHun1y2j

Score

1^/10

Suspicious use of WriteProcessMemory 7 IoCs

description	pid	Process	procid_target
PID 1464 wrote to memory of 2472	1464	rundll32.exe	28
PID 1464 wrote to memory of 2472	1464	rundll32.exe	28
PID 1464 wrote to memory of 2472	1464	rundll32.exe	28
PID 1464 wrote to memory of 2472	1464	rundll32.exe	28
PID 1464 wrote to memory of 2472	1464	rundll32.exe	28
PID 1464 wrote to memory of 2472	1464	rundll32.exe	28
PID 1464 wrote to memory of 2472	1464	rundll32.exe	28

C:\Windows\system32\rundll32.exe
rundll32.exe C:\Users\Admin\AppData\Local\Temp\bc06f48e9f710024cbdab61ad516bbda.dll,#1
1⤵
- Suspicious use of WriteProcessMemory
PID:1464
- C:\Windows\SysWOW64\rundll32.exe
  rundll32.exe C:\Users\Admin\AppData\Local\Temp\bc06f48e9f710024cbdab61ad516bbda.dll,#1
  2⤵
  PID:2472

memory/2472-0-0x0000000001F20000-0x00000000020EE000-memory.dmp

Filesize
1.8MB

Download
memory/2472-1-0x0000000001F20000-0x00000000020EE000-memory.dmp

Filesize
1.8MB

Download
memory/2472-2-0x0000000001F20000-0x00000000020EE000-memory.dmp

Filesize
1.8MB

Download