ff11e4cf9b5570071b2fbce3168ac36cd1aecb06b748bebdbbfe7f4e7eb43816

Analysis

max time kernel
121s
max time network
122s
platform
windows7_x64
resource
win7-20240215-en
resource tags

arch:x64arch:x86image:win7-20240215-enlocale:en-usos:windows7-x64system
submitted
10/03/2024, 12:00

Target

ff11e4cf9b5570071b2fbce3168ac36cd1aecb06b748bebdbbfe7f4e7eb43816.dll
Size

2.2MB
MD5

babfedc8cb68df0196607d5acd49b28b
SHA1

700c188a362e979753b890b61757932ca888a4fc
SHA256

ff11e4cf9b5570071b2fbce3168ac36cd1aecb06b748bebdbbfe7f4e7eb43816
SHA512

9899b4e133ee35da3c052c940f18cfac1f84db75ee8d583cb3da6a1357f886114eab98a42ac894c15855c9308e686c84bbbd811510b50938f07e4b907bc508ad
SSDEEP

49152:TJd0OM5FVm/8RgJsYM97tQjFozL19wNa/WgB:VCOM5jyJ1jFKp9JWgB

Score

1^/10

Suspicious use of WriteProcessMemory 7 IoCs

description	pid	Process	procid_target
PID 2920 wrote to memory of 3024	2920	rundll32.exe	28
PID 2920 wrote to memory of 3024	2920	rundll32.exe	28
PID 2920 wrote to memory of 3024	2920	rundll32.exe	28
PID 2920 wrote to memory of 3024	2920	rundll32.exe	28
PID 2920 wrote to memory of 3024	2920	rundll32.exe	28
PID 2920 wrote to memory of 3024	2920	rundll32.exe	28
PID 2920 wrote to memory of 3024	2920	rundll32.exe	28

C:\Windows\system32\rundll32.exe
rundll32.exe C:\Users\Admin\AppData\Local\Temp\ff11e4cf9b5570071b2fbce3168ac36cd1aecb06b748bebdbbfe7f4e7eb43816.dll,#1
1⤵
- Suspicious use of WriteProcessMemory
PID:2920
- C:\Windows\SysWOW64\rundll32.exe
  rundll32.exe C:\Users\Admin\AppData\Local\Temp\ff11e4cf9b5570071b2fbce3168ac36cd1aecb06b748bebdbbfe7f4e7eb43816.dll,#1
  2⤵
  PID:3024