83a3bf48e107fb7142f29b6a3d2fe0b78aca9e91a8f648f05c99af05827120e5

Analysis

max time kernel
120s
max time network
121s
platform
windows7_x64
resource
win7-20240220-en
resource tags

arch:x64arch:x86image:win7-20240220-enlocale:en-usos:windows7-x64system
submitted
15/03/2024, 06:38 UTC

Target

a83f6e7a71d300c1f5dd457d848a9859eebef336b3447e5623c37fc8077fa42f.dll
Size

840KB
MD5

9f81f7463f720ee4de86ba4c7c5db8e1
SHA1

0a6559d54a477052ee309b4f78119627cb1dafab
SHA256

a83f6e7a71d300c1f5dd457d848a9859eebef336b3447e5623c37fc8077fa42f
SHA512

7d298c1a3ec9505c7de49a48d4af9a87a7d38d23795f48383659c5869d7337117398bbb8db0d4af6bbdce434c3868e314a3cb033c3b3593de2902c8d1856a06f
SSDEEP

24576:Me9nfmpSVmL+Cf72yb1SFEtEfPmY4uRD7HpUMhOw8ghE:rBmpSVmLfCDfPJ4cDFPhmghE

Score

1^/10

Suspicious behavior: GetForegroundWindowSpam 1 IoCs

pid	Process
2892	rundll32.exe

Suspicious use of WriteProcessMemory 7 IoCs

description	pid	Process	procid_target
PID 3040 wrote to memory of 2892	3040	rundll32.exe	28
PID 3040 wrote to memory of 2892	3040	rundll32.exe	28
PID 3040 wrote to memory of 2892	3040	rundll32.exe	28
PID 3040 wrote to memory of 2892	3040	rundll32.exe	28
PID 3040 wrote to memory of 2892	3040	rundll32.exe	28
PID 3040 wrote to memory of 2892	3040	rundll32.exe	28
PID 3040 wrote to memory of 2892	3040	rundll32.exe	28

C:\Windows\system32\rundll32.exe
rundll32.exe C:\Users\Admin\AppData\Local\Temp\a83f6e7a71d300c1f5dd457d848a9859eebef336b3447e5623c37fc8077fa42f.dll,#1
1⤵
- Suspicious use of WriteProcessMemory
PID:3040
- C:\Windows\SysWOW64\rundll32.exe
  rundll32.exe C:\Users\Admin\AppData\Local\Temp\a83f6e7a71d300c1f5dd457d848a9859eebef336b3447e5623c37fc8077fa42f.dll,#1
  2⤵
  - Suspicious behavior: GetForegroundWindowSpam
  PID:2892

memory/2892-0-0x00000000001C0000-0x00000000001F6000-memory.dmp

Filesize
216KB

Download
memory/2892-1-0x00000000001C0000-0x00000000001F6000-memory.dmp

Filesize
216KB

Download