ee8ce5f6949cb9d8b627a35b8c9ad2f87c276197e5b033e32fafe080b08e0648

Analysis

max time kernel
118s
max time network
119s
platform
windows7_x64
resource
win7-20240220-en
resource tags

arch:x64arch:x86image:win7-20240220-enlocale:en-usos:windows7-x64system
submitted
18/03/2024, 15:45

Target

d3e3cd9891d9b69575402e2994c7f9e3.dll
Size

47KB
MD5

d3e3cd9891d9b69575402e2994c7f9e3
SHA1

14b5f6016ce3cdbc250dbe19c6b9bfd8d9bf76f6
SHA256

ee8ce5f6949cb9d8b627a35b8c9ad2f87c276197e5b033e32fafe080b08e0648
SHA512

7062ae9f35989c93122d7d74a70603f0eef6c1cf8202fc8d814ce3ebf14e0c634f30f32fde4bfe6071079717fcae4f333bc68061b0f7f4b032b1f35b7eecc476
SSDEEP

768:9O9cukRe2fbwYYKmja9nLi2opPr3nC+06YkRLSGU7EZWBJj:EuFemw129nLI3R0PQMgZWX

Score

1^/10

Suspicious use of WriteProcessMemory 7 IoCs

description	pid	Process	procid_target
PID 2080 wrote to memory of 1956	2080	rundll32.exe	28
PID 2080 wrote to memory of 1956	2080	rundll32.exe	28
PID 2080 wrote to memory of 1956	2080	rundll32.exe	28
PID 2080 wrote to memory of 1956	2080	rundll32.exe	28
PID 2080 wrote to memory of 1956	2080	rundll32.exe	28
PID 2080 wrote to memory of 1956	2080	rundll32.exe	28
PID 2080 wrote to memory of 1956	2080	rundll32.exe	28

C:\Windows\system32\rundll32.exe
rundll32.exe C:\Users\Admin\AppData\Local\Temp\d3e3cd9891d9b69575402e2994c7f9e3.dll,#1
1⤵
- Suspicious use of WriteProcessMemory
PID:2080
- C:\Windows\SysWOW64\rundll32.exe
  rundll32.exe C:\Users\Admin\AppData\Local\Temp\d3e3cd9891d9b69575402e2994c7f9e3.dll,#1
  2⤵
  PID:1956

memory/1956-0-0x0000000010000000-0x0000000010017000-memory.dmp

Filesize
92KB

Download
memory/1956-3-0x0000000010000000-0x0000000010017000-memory.dmp

Filesize
92KB

Download
memory/1956-2-0x0000000010000000-0x0000000010017000-memory.dmp

Filesize
92KB

Download
memory/1956-1-0x0000000010000000-0x0000000010017000-memory.dmp

Filesize
92KB

Download