23f815907d8b4e66e6e9e4fb9609850ddb16a9d6887c778438c01fc522b10e60

Analysis

max time kernel
122s
max time network
123s
platform
windows7_x64
resource
win7-20240221-en
resource tags

arch:x64arch:x86image:win7-20240221-enlocale:en-usos:windows7-x64system
submitted
14/03/2024, 13:08

Target

c8b16a13a904af9382d3095046840d8f.dll
Size

680KB
MD5

c8b16a13a904af9382d3095046840d8f
SHA1

5fb3a589ccf0589a39ef2d56780c14c67226f631
SHA256

23f815907d8b4e66e6e9e4fb9609850ddb16a9d6887c778438c01fc522b10e60
SHA512

4d4f5457583b3fb4f15a17914dfc0a073ece98451d624086409e8bc85977a1be9a08f7660a948603dba769ef305af35d55f648a0396b705839659ed7bc519960
SSDEEP

12288:eoPCK6XOq9xBPK6xGLNI/CHu7nnUzWOa9RWraVqetVKfBdduXCJ:xd8R8aAerKfBdduXg

Score

1^/10

Suspicious use of WriteProcessMemory 7 IoCs

description	pid	Process	procid_target
PID 2792 wrote to memory of 1680	2792	rundll32.exe	28
PID 2792 wrote to memory of 1680	2792	rundll32.exe	28
PID 2792 wrote to memory of 1680	2792	rundll32.exe	28
PID 2792 wrote to memory of 1680	2792	rundll32.exe	28
PID 2792 wrote to memory of 1680	2792	rundll32.exe	28
PID 2792 wrote to memory of 1680	2792	rundll32.exe	28
PID 2792 wrote to memory of 1680	2792	rundll32.exe	28

C:\Windows\system32\rundll32.exe
rundll32.exe C:\Users\Admin\AppData\Local\Temp\c8b16a13a904af9382d3095046840d8f.dll,#1
1⤵
- Suspicious use of WriteProcessMemory
PID:2792
- C:\Windows\SysWOW64\rundll32.exe
  rundll32.exe C:\Users\Admin\AppData\Local\Temp\c8b16a13a904af9382d3095046840d8f.dll,#1
  2⤵
  PID:1680