e0249049b8ea51bd0a0499163b4a21a98cd27b170519ddc316814afbacfb92f8

Analysis

max time kernel
117s
max time network
118s
platform
windows7_x64
resource
win7-20240221-en
resource tags

arch:x64arch:x86image:win7-20240221-enlocale:en-usos:windows7-x64system
submitted
12/03/2024, 00:42

Target

c2056dcfb921973e4018ab5e4d83277d.dll
Size

517KB
MD5

c2056dcfb921973e4018ab5e4d83277d
SHA1

9e7001adb297aa2b5a7f92e833bcd19a9d42c069
SHA256

e0249049b8ea51bd0a0499163b4a21a98cd27b170519ddc316814afbacfb92f8
SHA512

f68a898971183ef5dbfb0de263e2b532a03c3f700c2cb9d331bacca2761148573c65ecdd675a14018f1aee42a327562ad44f2f1b5bc64ca014c674974ccc39d7
SSDEEP

12288:1IoOoSU1V98mtf8/vSKxxHHHEQW/jml0rH:1zO0V95fKSKxnHEQWsS

Score

1^/10

Suspicious use of WriteProcessMemory 11 IoCs

description	pid	Process	procid_target
PID 2264 wrote to memory of 1044	2264	rundll32.exe	28
PID 2264 wrote to memory of 1044	2264	rundll32.exe	28
PID 2264 wrote to memory of 1044	2264	rundll32.exe	28
PID 2264 wrote to memory of 1044	2264	rundll32.exe	28
PID 2264 wrote to memory of 1044	2264	rundll32.exe	28
PID 2264 wrote to memory of 1044	2264	rundll32.exe	28
PID 2264 wrote to memory of 1044	2264	rundll32.exe	28
PID 1044 wrote to memory of 2500	1044	rundll32.exe	29
PID 1044 wrote to memory of 2500	1044	rundll32.exe	29
PID 1044 wrote to memory of 2500	1044	rundll32.exe	29
PID 1044 wrote to memory of 2500	1044	rundll32.exe	29

C:\Windows\system32\rundll32.exe
rundll32.exe C:\Users\Admin\AppData\Local\Temp\c2056dcfb921973e4018ab5e4d83277d.dll,#1
1⤵
- Suspicious use of WriteProcessMemory
PID:2264
- C:\Windows\SysWOW64\rundll32.exe
  rundll32.exe C:\Users\Admin\AppData\Local\Temp\c2056dcfb921973e4018ab5e4d83277d.dll,#1
  2⤵
  - Suspicious use of WriteProcessMemory
  PID:1044
- - C:\Windows\SysWOW64\cmd.exe
    cmd /c .\danulev1.bat
    3⤵
    PID:2500

C:\Users\Admin\AppData\Local\Temp\danulev1.bat

Filesize
240B

MD5
6db7756b04e6d67b5007910e1e5f4d38

SHA1
7bba76a37bf3eac53992179f8a8573cc9b884a7c

SHA256
3b07298d482d804515321656a968a47cf0b0cb366dc934d619beca464afcaff5

SHA512
85570bf42034e39c334b011c26f75bbbc6f2492129086018894cd4056b719f24dfd3d458b21e28d6635fbdcefc8ceff8e076c3883fe97f35982582af6f69f70d

Download Submit
memory/1044-0-0x00000000002F0000-0x0000000000376000-memory.dmp

Filesize
536KB

Download