42ed260123cf21e66a9b4c0bf3c72702979a760b85fbff6d99a830ec2e9f7406

Analysis

max time kernel
0s
max time network
0s
platform
windows7_x64
resource
win7-20240220-en
resource tags

arch:x64arch:x86image:win7-20240220-enlocale:en-usos:windows7-x64system
submitted
19/03/2024, 00:20

Target

d4bd37eff07555d1f90de231c81e8841.dll
Size

88KB
MD5

d4bd37eff07555d1f90de231c81e8841
SHA1

730d0fbdc66086d70a9caddb4e46b430f8578ef9
SHA256

42ed260123cf21e66a9b4c0bf3c72702979a760b85fbff6d99a830ec2e9f7406
SHA512

b1bf4f3936e231dd819f6079761c6e608215c6a75c7e6c93b84f6ca6d59ebfc38b13707d824afdd4fe3bf00af4f1f2314f87116862ff439876fed0f605a129c6
SSDEEP

1536:g6jn++W+YFKX5Howk5AD58wIAAesfpj76aAXhFFLlYIpNieV:5jtUIXFowk5AN8wrgpj76aKFLlNNi

Score

1^/10

Suspicious use of WriteProcessMemory 7 IoCs

description	pid	Process	procid_target
PID 1992 wrote to memory of 1656	1992	rundll32.exe	28
PID 1992 wrote to memory of 1656	1992	rundll32.exe	28
PID 1992 wrote to memory of 1656	1992	rundll32.exe	28
PID 1992 wrote to memory of 1656	1992	rundll32.exe	28
PID 1992 wrote to memory of 1656	1992	rundll32.exe	28
PID 1992 wrote to memory of 1656	1992	rundll32.exe	28
PID 1992 wrote to memory of 1656	1992	rundll32.exe	28

C:\Windows\system32\rundll32.exe
rundll32.exe C:\Users\Admin\AppData\Local\Temp\d4bd37eff07555d1f90de231c81e8841.dll,#1
1⤵
- Suspicious use of WriteProcessMemory
PID:1992
- C:\Windows\SysWOW64\rundll32.exe
  rundll32.exe C:\Users\Admin\AppData\Local\Temp\d4bd37eff07555d1f90de231c81e8841.dll,#1
  2⤵
  PID:1656

memory/1656-0-0x0000000000170000-0x000000000017A000-memory.dmp

Filesize
40KB

Download
memory/1656-1-0x0000000010000000-0x0000000010009000-memory.dmp

Filesize
36KB

Download