e30694ce3bf3c650535118f826db1625ebf8eb185720f5a0dbe83761fbd3badc

Analysis

max time kernel
117s
max time network
121s
platform
windows7_x64
resource
win7-20240221-en
resource tags

arch:x64arch:x86image:win7-20240221-enlocale:en-usos:windows7-x64system
submitted
12-03-2024 01:32

Target

c21f6220ad0c237cff6a98fa1aef3ecc.dll
Size

51KB
MD5

c21f6220ad0c237cff6a98fa1aef3ecc
SHA1

b5b2ddafc3dc9755f20c4476ea90c7660bb78539
SHA256

e30694ce3bf3c650535118f826db1625ebf8eb185720f5a0dbe83761fbd3badc
SHA512

2e65f0cadb2999fa945cdbe071984fdbc22bdf671a44c4d114c8fb41366df0a7b396640a42820b79cc944a790f4bba25c9c6496f7fc93d8d91b2b74a8584da12
SSDEEP

768:PQHXadLlbizsU9t0S6B8LbRJlk7eeSpeqz4FFsZQ01Ziv:PpPYt0S6B8ZkQeyYFufK

Score

1^/10

Suspicious use of WriteProcessMemory 7 IoCs

description	pid	Process	procid_target
PID 3028 wrote to memory of 2748	3028	rundll32.exe	28
PID 3028 wrote to memory of 2748	3028	rundll32.exe	28
PID 3028 wrote to memory of 2748	3028	rundll32.exe	28
PID 3028 wrote to memory of 2748	3028	rundll32.exe	28
PID 3028 wrote to memory of 2748	3028	rundll32.exe	28
PID 3028 wrote to memory of 2748	3028	rundll32.exe	28
PID 3028 wrote to memory of 2748	3028	rundll32.exe	28

C:\Windows\system32\rundll32.exe
rundll32.exe C:\Users\Admin\AppData\Local\Temp\c21f6220ad0c237cff6a98fa1aef3ecc.dll,#1
1⤵
- Suspicious use of WriteProcessMemory
PID:3028
- C:\Windows\SysWOW64\rundll32.exe
  rundll32.exe C:\Users\Admin\AppData\Local\Temp\c21f6220ad0c237cff6a98fa1aef3ecc.dll,#1
  2⤵
  PID:2748