b2ca50925c34b2f9ae43335897587c55c2580ffb7a85c1ed8d7bbbc482d39ddd

Analysis

max time kernel
120s
max time network
124s
platform
windows7_x64
resource
win7-20240221-en
resource tags

arch:x64arch:x86image:win7-20240221-enlocale:en-usos:windows7-x64system
submitted
05-04-2024 00:10

Target

b2ca50925c34b2f9ae43335897587c55c2580ffb7a85c1ed8d7bbbc482d39ddd.dll
Size

7KB
MD5

7ab267c78117dfe2e1f16ff26b865f8e
SHA1

9c1588cab88fffc28c3da8d91914aedc350aedac
SHA256

b2ca50925c34b2f9ae43335897587c55c2580ffb7a85c1ed8d7bbbc482d39ddd
SHA512

43159d5ca7f658d641856b048a9d450619ab27a69af085c38ec814c997ddc0613b3653a5b3d93a4142eb61a587963ae20e2a88862ee4cf620224deedb8b2ffe9
SSDEEP

48:66ay5YVO3EVkApc2wp8hH1NZn5EquglQ067YbPWybABbgL3q9J5S2hmc:b3EVkApcX4Hiv0hbPAq3qX5S2hV

Score

1^/10

Suspicious use of WriteProcessMemory 7 IoCs

description	pid	Process	procid_target
PID 2224 wrote to memory of 2492	2224	rundll32.exe	28
PID 2224 wrote to memory of 2492	2224	rundll32.exe	28
PID 2224 wrote to memory of 2492	2224	rundll32.exe	28
PID 2224 wrote to memory of 2492	2224	rundll32.exe	28
PID 2224 wrote to memory of 2492	2224	rundll32.exe	28
PID 2224 wrote to memory of 2492	2224	rundll32.exe	28
PID 2224 wrote to memory of 2492	2224	rundll32.exe	28

C:\Windows\system32\rundll32.exe
rundll32.exe C:\Users\Admin\AppData\Local\Temp\b2ca50925c34b2f9ae43335897587c55c2580ffb7a85c1ed8d7bbbc482d39ddd.dll,#1
1⤵
- Suspicious use of WriteProcessMemory
PID:2224
- C:\Windows\SysWOW64\rundll32.exe
  rundll32.exe C:\Users\Admin\AppData\Local\Temp\b2ca50925c34b2f9ae43335897587c55c2580ffb7a85c1ed8d7bbbc482d39ddd.dll,#1
  2⤵
  PID:2492