21e2a8a95af1c6e4c6fe804b1220ead3b2357667e436127f185bfff3d34b3b93

Analysis

max time kernel
118s
max time network
140s
platform
windows7_x64
resource
win7-20240221-en
resource tags

arch:x64arch:x86image:win7-20240221-enlocale:en-usos:windows7-x64system
submitted
10-03-2024 09:53

Target

be4eaa2f12359200d8a1450e0cf37155.dll
Size

12KB
MD5

be4eaa2f12359200d8a1450e0cf37155
SHA1

97f0c76d41d82e49f303c45264b48494ef269748
SHA256

21e2a8a95af1c6e4c6fe804b1220ead3b2357667e436127f185bfff3d34b3b93
SHA512

5de4977c1d8969d6b3c0fdbaf71014d0e225a111d99c45c24923c34606e598147a13fbc24fe21660de8b4a9219865508849a1c500efe225a87cadf75ef4a2ca5
SSDEEP

192:NDOta3gLte01Yxx0R8fBaRbGFnBO1novHtVqI670fvX+2aOdp:snY01YnA8fBsynBO1nsD4wmwn

Score

1^/10

Suspicious use of WriteProcessMemory 7 IoCs

description	pid	Process	procid_target
PID 752 wrote to memory of 2452	752	rundll32.exe	29
PID 752 wrote to memory of 2452	752	rundll32.exe	29
PID 752 wrote to memory of 2452	752	rundll32.exe	29
PID 752 wrote to memory of 2452	752	rundll32.exe	29
PID 752 wrote to memory of 2452	752	rundll32.exe	29
PID 752 wrote to memory of 2452	752	rundll32.exe	29
PID 752 wrote to memory of 2452	752	rundll32.exe	29

C:\Windows\system32\rundll32.exe
rundll32.exe C:\Users\Admin\AppData\Local\Temp\be4eaa2f12359200d8a1450e0cf37155.dll,#1
1⤵
- Suspicious use of WriteProcessMemory
PID:752
- C:\Windows\SysWOW64\rundll32.exe
  rundll32.exe C:\Users\Admin\AppData\Local\Temp\be4eaa2f12359200d8a1450e0cf37155.dll,#1
  2⤵
  PID:2452