5b52156c5693e09cf04df3d34552c6d08d6ce818b7aee6f1b29646407bc0a6dc

Analysis

max time kernel
120s
max time network
121s
platform
windows7_x64
resource
win7-20240221-en
resource tags

arch:x64arch:x86image:win7-20240221-enlocale:en-usos:windows7-x64system
submitted
19/03/2024, 20:32

Target

5b52156c5693e09cf04df3d34552c6d08d6ce818b7aee6f1b29646407bc0a6dc.dll
Size

117KB
MD5

d39387bd2fc6fa7375965f9e484ff25b
SHA1

31da0ccf4ebc271e0b7266b9b9507bf7ab89860d
SHA256

5b52156c5693e09cf04df3d34552c6d08d6ce818b7aee6f1b29646407bc0a6dc
SHA512

19369c222dc2627a3e6c0419727ecda2c26992778850b49cfa2e7af8e3c7bd2f04e8e9cbf7f51db2436ff18e40782c357610161c544e4ac47c8d7e0caa3d3553
SSDEEP

1536:Xz0072hKqtpysxpQiYibFJ+Tk9k2B+hc1jfsWjcdsh9qZrRX1q:XIvhKpsjQWFCo+IgshIZrRX

Score

1^/10

Suspicious use of WriteProcessMemory 7 IoCs

description	pid	Process	procid_target
PID 2220 wrote to memory of 1232	2220	rundll32.exe	28
PID 2220 wrote to memory of 1232	2220	rundll32.exe	28
PID 2220 wrote to memory of 1232	2220	rundll32.exe	28
PID 2220 wrote to memory of 1232	2220	rundll32.exe	28
PID 2220 wrote to memory of 1232	2220	rundll32.exe	28
PID 2220 wrote to memory of 1232	2220	rundll32.exe	28
PID 2220 wrote to memory of 1232	2220	rundll32.exe	28

C:\Windows\system32\rundll32.exe
rundll32.exe C:\Users\Admin\AppData\Local\Temp\5b52156c5693e09cf04df3d34552c6d08d6ce818b7aee6f1b29646407bc0a6dc.dll,#1
1⤵
- Suspicious use of WriteProcessMemory
PID:2220
- C:\Windows\SysWOW64\rundll32.exe
  rundll32.exe C:\Users\Admin\AppData\Local\Temp\5b52156c5693e09cf04df3d34552c6d08d6ce818b7aee6f1b29646407bc0a6dc.dll,#1
  2⤵
  PID:1232