5e733d6c78e3454bbb770f8c00a3a143a0a02739e86fc39a6adf18f8b914f1fe

Analysis

max time kernel
118s
max time network
122s
platform
windows7_x64
resource
win7-20240319-en
resource tags

arch:x64arch:x86image:win7-20240319-enlocale:en-usos:windows7-x64system
submitted
04/04/2024, 21:15

Target

5e733d6c78e3454bbb770f8c00a3a143a0a02739e86fc39a6adf18f8b914f1fe.dll
Size

7KB
MD5

e13e3ea6c51d094e2b7020866fef6bbc
SHA1

12f14fe7bdac19b1eec2a0ae1b06c86106beb3a0
SHA256

5e733d6c78e3454bbb770f8c00a3a143a0a02739e86fc39a6adf18f8b914f1fe
SHA512

c69e341e76565f9dd06ffad7bbec196813af25322ff229423a868a53a536964d8648766414e8b203e737aa67811f737323d64f597c1c2033665ef4e2a2b99a52
SSDEEP

96:wb4VHccYJUC/aFbz/j0OvaPmd3cX5aXW:wUaJf/aFbP0O12JaX

Score

1^/10

Suspicious use of WriteProcessMemory 7 IoCs

description	pid	Process	procid_target
PID 2876 wrote to memory of 2928	2876	rundll32.exe	28
PID 2876 wrote to memory of 2928	2876	rundll32.exe	28
PID 2876 wrote to memory of 2928	2876	rundll32.exe	28
PID 2876 wrote to memory of 2928	2876	rundll32.exe	28
PID 2876 wrote to memory of 2928	2876	rundll32.exe	28
PID 2876 wrote to memory of 2928	2876	rundll32.exe	28
PID 2876 wrote to memory of 2928	2876	rundll32.exe	28

C:\Windows\system32\rundll32.exe
rundll32.exe C:\Users\Admin\AppData\Local\Temp\5e733d6c78e3454bbb770f8c00a3a143a0a02739e86fc39a6adf18f8b914f1fe.dll,#1
1⤵
- Suspicious use of WriteProcessMemory
PID:2876
- C:\Windows\SysWOW64\rundll32.exe
  rundll32.exe C:\Users\Admin\AppData\Local\Temp\5e733d6c78e3454bbb770f8c00a3a143a0a02739e86fc39a6adf18f8b914f1fe.dll,#1
  2⤵
  PID:2928