f0ae9815e5b9a658dc1a98ac37639e7dae6800cf6e037dd233b4700159454446

Analysis

max time kernel
119s
max time network
120s
platform
windows7_x64
resource
win7-20240221-en
resource tags

arch:x64arch:x86image:win7-20240221-enlocale:en-usos:windows7-x64system
submitted
27-03-2024 16:58

Target

e2277c915a949413c29d78cbe1828273.dll
Size

68KB
MD5

e2277c915a949413c29d78cbe1828273
SHA1

f76cda5602312fc40fd813147e26a571613ebf46
SHA256

f0ae9815e5b9a658dc1a98ac37639e7dae6800cf6e037dd233b4700159454446
SHA512

bdbb690be8310367dc26f085dfef3328bd90ae338b5e2ef87846631b04721b913c649a55e4d284dfee0a61d8612ab3813f53ef191430ff9b1edaa40f19037b63
SSDEEP

1536:ApcvBq2h8vA0tBNzLYPsL6ECH6u32+JORFPJvmbBc4cxIWd:Ap+hL+NzQslCTOR1Jvv4bWd

Score

1^/10

Suspicious use of WriteProcessMemory 7 IoCs

description	pid	Process	procid_target
PID 2324 wrote to memory of 2084	2324	rundll32.exe	28
PID 2324 wrote to memory of 2084	2324	rundll32.exe	28
PID 2324 wrote to memory of 2084	2324	rundll32.exe	28
PID 2324 wrote to memory of 2084	2324	rundll32.exe	28
PID 2324 wrote to memory of 2084	2324	rundll32.exe	28
PID 2324 wrote to memory of 2084	2324	rundll32.exe	28
PID 2324 wrote to memory of 2084	2324	rundll32.exe	28

C:\Windows\system32\rundll32.exe
rundll32.exe C:\Users\Admin\AppData\Local\Temp\e2277c915a949413c29d78cbe1828273.dll,#1
1⤵
- Suspicious use of WriteProcessMemory
PID:2324
- C:\Windows\SysWOW64\rundll32.exe
  rundll32.exe C:\Users\Admin\AppData\Local\Temp\e2277c915a949413c29d78cbe1828273.dll,#1
  2⤵
  PID:2084

memory/2084-0-0x0000000010000000-0x000000001000E000-memory.dmp

Filesize
56KB

Download
memory/2084-1-0x0000000010000000-0x000000001000E000-memory.dmp

Filesize
56KB

Download
memory/2084-2-0x0000000010000000-0x000000001000E000-memory.dmp

Filesize
56KB

Download
memory/2084-3-0x0000000010000000-0x000000001000E000-memory.dmp

Filesize
56KB

Download