f22f7558095523b47aae70f1d15fcb113c5298304033ec495fefcf00d89077f6

Analysis

max time kernel
119s
max time network
120s
platform
windows7_x64
resource
win7-20240220-en
resource tags

arch:x64arch:x86image:win7-20240220-enlocale:en-usos:windows7-x64system
submitted
15-03-2024 04:52

Target

ca86e68435989e4038afe6f03ff41892.dll
Size

166KB
MD5

ca86e68435989e4038afe6f03ff41892
SHA1

3da2fcfda97f63bd12238c7a021989311a17c348
SHA256

f22f7558095523b47aae70f1d15fcb113c5298304033ec495fefcf00d89077f6
SHA512

8333bad189030540ad52a2fc1f53c9a6cda5ec6750a6ee52f19d7d2a6fabbe1d5ce63cd64fa2c0679572816f0d19f715875eab7718473a14cd1955212749e5f6
SSDEEP

3072:pK65lquD2nsoP+L2dRFVpjYX6cCMlx0jbYsZfCNMtueFLNwJQ69d9omout:pKUlensQ+yxcKKlWjcsQNMth6JQ6JomZ

Score

1^/10

Suspicious use of WriteProcessMemory 7 IoCs

description	pid	Process	procid_target
PID 840 wrote to memory of 2464	840	rundll32.exe	28
PID 840 wrote to memory of 2464	840	rundll32.exe	28
PID 840 wrote to memory of 2464	840	rundll32.exe	28
PID 840 wrote to memory of 2464	840	rundll32.exe	28
PID 840 wrote to memory of 2464	840	rundll32.exe	28
PID 840 wrote to memory of 2464	840	rundll32.exe	28
PID 840 wrote to memory of 2464	840	rundll32.exe	28

C:\Windows\system32\rundll32.exe
rundll32.exe C:\Users\Admin\AppData\Local\Temp\ca86e68435989e4038afe6f03ff41892.dll,#1
1⤵
- Suspicious use of WriteProcessMemory
PID:840
- C:\Windows\SysWOW64\rundll32.exe
  rundll32.exe C:\Users\Admin\AppData\Local\Temp\ca86e68435989e4038afe6f03ff41892.dll,#1
  2⤵
  PID:2464

memory/2464-0-0x0000000010000000-0x0000000010069000-memory.dmp

Filesize
420KB

Download
memory/2464-1-0x0000000010000000-0x0000000010069000-memory.dmp

Filesize
420KB

Download
memory/2464-2-0x0000000010000000-0x0000000010069000-memory.dmp

Filesize
420KB

Download
memory/2464-3-0x0000000010000000-0x0000000010069000-memory.dmp

Filesize
420KB

Download