cd7c3f2c5f79c619b75afa181ed0c7e7215025a8ea514a2680f8e30bb424aef8

Analysis

max time kernel
44s
max time network
17s
platform
windows7_x64
resource
win7-20240215-en
resource tags

arch:x64arch:x86image:win7-20240215-enlocale:en-usos:windows7-x64system
submitted
19-03-2024 19:01

Target

Notificacion/ASUS_WMI.dll
Size

224KB
MD5

fc195ceb49f286113ba7ef14d4aeaa5f
SHA1

586677479f1565e1705d38b07274cd79e62b1b64
SHA256

eb51aedd6dded1db3ee78c6916a398a2b8537f02e932ce8307a2724e3e564916
SHA512

e0bc4191a09b47e216aae79a723aaa4ac6fbe9bfae846b51131969bedc5fb1072c2b43396025b8aa3508cd989ba402532692e8e457c4777332e42a88bf30ffa2
SSDEEP

3072:x4WuqFgPmBNEP8hXzGXPkW6ZZWWegHI/jQoAg0FubAxZ+051gh9b6q/TeWdY81:x9t2chQ2ZWWeDAOAZCLeWa81

Score

1^/10

Suspicious use of WriteProcessMemory 7 IoCs

Processes:

rundll32.exe

description	pid	process	target process
PID 2916 wrote to memory of 2784	2916	rundll32.exe	rundll32.exe
PID 2916 wrote to memory of 2784	2916	rundll32.exe	rundll32.exe
PID 2916 wrote to memory of 2784	2916	rundll32.exe	rundll32.exe
PID 2916 wrote to memory of 2784	2916	rundll32.exe	rundll32.exe
PID 2916 wrote to memory of 2784	2916	rundll32.exe	rundll32.exe
PID 2916 wrote to memory of 2784	2916	rundll32.exe	rundll32.exe
PID 2916 wrote to memory of 2784	2916	rundll32.exe	rundll32.exe

C:\Windows\system32\rundll32.exe
rundll32.exe C:\Users\Admin\AppData\Local\Temp\Notificacion\ASUS_WMI.dll,#1
1⤵
- Suspicious use of WriteProcessMemory
PID:2916

C:\Windows\SysWOW64\rundll32.exe
rundll32.exe C:\Users\Admin\AppData\Local\Temp\Notificacion\ASUS_WMI.dll,#1
2⤵
PID:2784