159535b210161897c7d7f2d0c7b9854d3691d12b161cff0a07a159f3ff19468d

Analysis

max time kernel
121s
max time network
122s
platform
windows7_x64
resource
win7-20231129-en
resource tags

arch:x64arch:x86image:win7-20231129-enlocale:en-usos:windows7-x64system
submitted
09-03-2024 16:39

Target

bc4b4c670ca228c2bf721a6937508a32.dll
Size

93KB
MD5

bc4b4c670ca228c2bf721a6937508a32
SHA1

71b16d3ee894c813a7255be3b8706434b3cf17f6
SHA256

159535b210161897c7d7f2d0c7b9854d3691d12b161cff0a07a159f3ff19468d
SHA512

65024372c8059518a4912866fbeb5df5d799f79324d42aded5783c7195a7119c437affc2701ac725f95acb3c1389b8a00f91de138af58477db2fbe073a643fb6
SSDEEP

1536:pJhZDMijwmrl9qclu7tR6UMIth7hf9Gp7UxnrCezyGNVkPGzehYE4FplHppfFO:VZw4HZu7tbd7VGp7UeeG1Es8tJBFO

Score

1^/10

Suspicious use of WriteProcessMemory 7 IoCs

description	pid	Process	procid_target
PID 2188 wrote to memory of 2320	2188	rundll32.exe	28
PID 2188 wrote to memory of 2320	2188	rundll32.exe	28
PID 2188 wrote to memory of 2320	2188	rundll32.exe	28
PID 2188 wrote to memory of 2320	2188	rundll32.exe	28
PID 2188 wrote to memory of 2320	2188	rundll32.exe	28
PID 2188 wrote to memory of 2320	2188	rundll32.exe	28
PID 2188 wrote to memory of 2320	2188	rundll32.exe	28

C:\Windows\system32\rundll32.exe
rundll32.exe C:\Users\Admin\AppData\Local\Temp\bc4b4c670ca228c2bf721a6937508a32.dll,#1
1⤵
- Suspicious use of WriteProcessMemory
PID:2188
- C:\Windows\SysWOW64\rundll32.exe
  rundll32.exe C:\Users\Admin\AppData\Local\Temp\bc4b4c670ca228c2bf721a6937508a32.dll,#1
  2⤵
  PID:2320

memory/2320-0-0x00000000002F0000-0x0000000000406000-memory.dmp

Filesize
1.1MB

Download