5a9fdd196c757a29ced272abd30fed814311e2381cea45751a7782a19474f1f0

Analysis

max time kernel
121s
max time network
121s
platform
windows7_x64
resource
win7-20231129-en
resource tags

arch:x64arch:x86image:win7-20231129-enlocale:en-usos:windows7-x64system
submitted
26/03/2024, 19:49

Target

dff4cf9c84ba5a555272b864d378d96f.dll
Size

41KB
MD5

dff4cf9c84ba5a555272b864d378d96f
SHA1

84c97705f05e324168f0ff1abde44e2c1bdc8f69
SHA256

5a9fdd196c757a29ced272abd30fed814311e2381cea45751a7782a19474f1f0
SHA512

f484f99816ea62a9261e0460f8af20201468e55d25ce2fa690e642399939c7b1d282b2cf19e039a90f695d6c5b065345aa1b3965a4b034905c5a6d584ef3a72e
SSDEEP

768:WC4qfQ88T6wONtNzAfSgQf+zYMfOs9HGFtmLq2GWj5B20cA:x4qfQbT9ONtNzlKYMzt/cA

Score

1^/10

Suspicious use of WriteProcessMemory 7 IoCs

description	pid	Process	procid_target
PID 2968 wrote to memory of 2912	2968	rundll32.exe	28
PID 2968 wrote to memory of 2912	2968	rundll32.exe	28
PID 2968 wrote to memory of 2912	2968	rundll32.exe	28
PID 2968 wrote to memory of 2912	2968	rundll32.exe	28
PID 2968 wrote to memory of 2912	2968	rundll32.exe	28
PID 2968 wrote to memory of 2912	2968	rundll32.exe	28
PID 2968 wrote to memory of 2912	2968	rundll32.exe	28

C:\Windows\system32\rundll32.exe
rundll32.exe C:\Users\Admin\AppData\Local\Temp\dff4cf9c84ba5a555272b864d378d96f.dll,#1
1⤵
- Suspicious use of WriteProcessMemory
PID:2968
- C:\Windows\SysWOW64\rundll32.exe
  rundll32.exe C:\Users\Admin\AppData\Local\Temp\dff4cf9c84ba5a555272b864d378d96f.dll,#1
  2⤵
  PID:2912

memory/2912-0-0x00000000001B0000-0x00000000001C0000-memory.dmp

Filesize
64KB

Download