b8774eb7f84e745d2fd1fb0bca66eb0ef9a9b77fd72128c58209dca90f18b9fb

Analysis

max time kernel
122s
max time network
124s
platform
windows7_x64
resource
win7-20240215-en
resource tags

arch:x64arch:x86image:win7-20240215-enlocale:en-usos:windows7-x64system
submitted
15/03/2024, 09:51

Target

cb19dc931aaeb19d89cd0e754e24094f.dll
Size

219KB
MD5

cb19dc931aaeb19d89cd0e754e24094f
SHA1

20c194389442633135e962d0f0ad17c3a3fdaddf
SHA256

b8774eb7f84e745d2fd1fb0bca66eb0ef9a9b77fd72128c58209dca90f18b9fb
SHA512

44f3436cc6e4ba5df77fdd26e7a28170a9cab40623309a5c4ddde6375151615d68c40a262c78110aef6b485ed19ad329cba752b2a56a4c5656460782f2616f39
SSDEEP

3072:eO1gx2h4gjRcoZ+LZG+AJ6DfscHeVmsOqFfPE6D3fVTa:51fNeHZGF6DUcHU6qxhD3fVTa

Score

4^/10

Drops file in Program Files directory 2 IoCs

description	ioc	Process
File created	C:\PROGRA~3\f49042e457e0dc98d91beaa139cd91bc.pad	rundll32.exe
File opened for modification	C:\PROGRA~3\f49042e457e0dc98d91beaa139cd91bc.pad	rundll32.exe

Suspicious use of WriteProcessMemory 7 IoCs

description	pid	Process	procid_target
PID 1956 wrote to memory of 1880	1956	rundll32.exe	28
PID 1956 wrote to memory of 1880	1956	rundll32.exe	28
PID 1956 wrote to memory of 1880	1956	rundll32.exe	28
PID 1956 wrote to memory of 1880	1956	rundll32.exe	28
PID 1956 wrote to memory of 1880	1956	rundll32.exe	28
PID 1956 wrote to memory of 1880	1956	rundll32.exe	28
PID 1956 wrote to memory of 1880	1956	rundll32.exe	28

C:\Windows\system32\rundll32.exe
rundll32.exe C:\Users\Admin\AppData\Local\Temp\cb19dc931aaeb19d89cd0e754e24094f.dll,#1
1⤵
- Suspicious use of WriteProcessMemory
PID:1956
- C:\Windows\SysWOW64\rundll32.exe
  rundll32.exe C:\Users\Admin\AppData\Local\Temp\cb19dc931aaeb19d89cd0e754e24094f.dll,#1
  2⤵
  - Drops file in Program Files directory
  PID:1880

memory/1880-3-0x0000000000270000-0x000000000028F000-memory.dmp

Filesize
124KB

Download
memory/1880-5-0x0000000000230000-0x000000000026D000-memory.dmp

Filesize
244KB

Download
memory/1880-0-0x00000000001B0000-0x00000000001CF000-memory.dmp

Filesize
124KB

Download
memory/1880-7-0x0000000000270000-0x000000000028F000-memory.dmp

Filesize
124KB

Download
memory/1880-9-0x0000000000270000-0x000000000028F000-memory.dmp

Filesize
124KB

Download
memory/1880-11-0x0000000000270000-0x000000000028F000-memory.dmp

Filesize
124KB

Download
memory/1880-13-0x0000000000270000-0x000000000028F000-memory.dmp

Filesize
124KB

Download