5e4d4c6d2fe2611d8724962f356d2e001e5f234a49c7ab6b264bae644db92891

Analysis

max time kernel
122s
max time network
123s
platform
windows7_x64
resource
win7-20240215-en
resource tags

arch:x64arch:x86image:win7-20240215-enlocale:en-usos:windows7-x64system
submitted
26/03/2024, 16:44

Target

dfa144bfd23c8d4df152d2eaab51618e.dll
Size

35KB
MD5

dfa144bfd23c8d4df152d2eaab51618e
SHA1

859d3e696e58a7df5aee39c60fa70c322a4f36ac
SHA256

5e4d4c6d2fe2611d8724962f356d2e001e5f234a49c7ab6b264bae644db92891
SHA512

4c5efbd9eab490a0c1a06f241a2bf6d811b33115e2627b0cb83a963b9eaac30a56e750b4511c5373fd8146ea7435a8bd8127fa65db54ba49b53205edf64d3870
SSDEEP

768:nnWy0L5TXpVQcqxieaSrM/W4uGes7UOFTcJ5hlD8oR3Y0eX:SLtXvQqSrMe/s7UOdcrXlRI0+

Score

1^/10

Suspicious use of WriteProcessMemory 7 IoCs

description	pid	Process	procid_target
PID 2460 wrote to memory of 2660	2460	rundll32.exe	28
PID 2460 wrote to memory of 2660	2460	rundll32.exe	28
PID 2460 wrote to memory of 2660	2460	rundll32.exe	28
PID 2460 wrote to memory of 2660	2460	rundll32.exe	28
PID 2460 wrote to memory of 2660	2460	rundll32.exe	28
PID 2460 wrote to memory of 2660	2460	rundll32.exe	28
PID 2460 wrote to memory of 2660	2460	rundll32.exe	28

C:\Windows\system32\rundll32.exe
rundll32.exe C:\Users\Admin\AppData\Local\Temp\dfa144bfd23c8d4df152d2eaab51618e.dll,#1
1⤵
- Suspicious use of WriteProcessMemory
PID:2460
- C:\Windows\SysWOW64\rundll32.exe
  rundll32.exe C:\Users\Admin\AppData\Local\Temp\dfa144bfd23c8d4df152d2eaab51618e.dll,#1
  2⤵
  PID:2660