d3ab93925d2a260dc2a4bf30528d55a16119c39fa70eeb076d4a06505f4d937d

Analysis

max time kernel
121s
max time network
124s
platform
windows7_x64
resource
win7-20240221-en
resource tags

arch:x64arch:x86image:win7-20240221-enlocale:en-usos:windows7-x64system
submitted
16-03-2024 07:19

Target

cd7443840b159e78a47d4247571d0e48.dll
Size

235KB
MD5

cd7443840b159e78a47d4247571d0e48
SHA1

ad939787a14089eb74037f04922cee8bdf18bbb1
SHA256

d3ab93925d2a260dc2a4bf30528d55a16119c39fa70eeb076d4a06505f4d937d
SHA512

129debbc5e7dca31aeb484de1992edf08f673ad57762649e369c302f9378a65a0132a4cba9977cfa2aa5f8ff686377d0dc1d46648f7ac5eee33b9610055a0a87
SSDEEP

3072:nIvuqvKnQ4ZLameSfVXkUSI9I2pJd4taXhwJjfyqHvg3fR+cj4lU3C/RxOHI:vdnVta3U1DrXwaqHI3DjU8C/RA

Score

1^/10

Suspicious use of WriteProcessMemory 7 IoCs

description	pid	Process	procid_target
PID 1244 wrote to memory of 2216	1244	rundll32.exe	28
PID 1244 wrote to memory of 2216	1244	rundll32.exe	28
PID 1244 wrote to memory of 2216	1244	rundll32.exe	28
PID 1244 wrote to memory of 2216	1244	rundll32.exe	28
PID 1244 wrote to memory of 2216	1244	rundll32.exe	28
PID 1244 wrote to memory of 2216	1244	rundll32.exe	28
PID 1244 wrote to memory of 2216	1244	rundll32.exe	28

C:\Windows\system32\rundll32.exe
rundll32.exe C:\Users\Admin\AppData\Local\Temp\cd7443840b159e78a47d4247571d0e48.dll,#1
1⤵
- Suspicious use of WriteProcessMemory
PID:1244
- C:\Windows\SysWOW64\rundll32.exe
  rundll32.exe C:\Users\Admin\AppData\Local\Temp\cd7443840b159e78a47d4247571d0e48.dll,#1
  2⤵
  PID:2216

memory/2216-0-0x0000000000270000-0x000000000027B000-memory.dmp

Filesize
44KB

Download
memory/2216-1-0x0000000010000000-0x0000000010063000-memory.dmp

Filesize
396KB

Download