4ea65224729ead1912b51d8c75c5c01efd238c4ddf8a4d753c2eb315e3f8722e

Analysis

max time kernel
122s
max time network
127s
platform
windows7_x64
resource
win7-20240221-en
resource tags

arch:x64arch:x86image:win7-20240221-enlocale:en-usos:windows7-x64system
submitted
19/03/2024, 21:28

Target

d727c9a2f7b15d520e1d0a38ec37c596.dll
Size

4KB
MD5

d727c9a2f7b15d520e1d0a38ec37c596
SHA1

152b6895962f0e01bb1eb0ba25d82be66ef78014
SHA256

4ea65224729ead1912b51d8c75c5c01efd238c4ddf8a4d753c2eb315e3f8722e
SHA512

21b5f4b97d38ffb637181eea86203b09dc2cf2012f9298731a70c2ca2d3a1b1aa4c18294ab7f2b349db70ab8d3bc3b9e7d469167bcfef36f21756e9f41026ac0
SSDEEP

24:eNGS5k4V4v3Ca83At/QPVGRVtz/44M7lURYQ81ccJURRZCHzvRzFHLeeq3ALo/oy:a5z4K+cmATmRYoRZCTJzJertqS9d3LL

Score

1^/10

Suspicious use of WriteProcessMemory 7 IoCs

description	pid	Process	procid_target
PID 2956 wrote to memory of 2844	2956	rundll32.exe	28
PID 2956 wrote to memory of 2844	2956	rundll32.exe	28
PID 2956 wrote to memory of 2844	2956	rundll32.exe	28
PID 2956 wrote to memory of 2844	2956	rundll32.exe	28
PID 2956 wrote to memory of 2844	2956	rundll32.exe	28
PID 2956 wrote to memory of 2844	2956	rundll32.exe	28
PID 2956 wrote to memory of 2844	2956	rundll32.exe	28

C:\Windows\system32\rundll32.exe
rundll32.exe C:\Users\Admin\AppData\Local\Temp\d727c9a2f7b15d520e1d0a38ec37c596.dll,#1
1⤵
- Suspicious use of WriteProcessMemory
PID:2956
- C:\Windows\SysWOW64\rundll32.exe
  rundll32.exe C:\Users\Admin\AppData\Local\Temp\d727c9a2f7b15d520e1d0a38ec37c596.dll,#1
  2⤵
  PID:2844