b8e6a1851d077383007b66d96deca1451a79c1c5a55a6e99e8ab7dc20d958a54

Analysis

max time kernel
119s
max time network
122s
platform
windows7_x64
resource
win7-20240319-en
resource tags

arch:x64arch:x86image:win7-20240319-enlocale:en-usos:windows7-x64system
submitted
05/04/2024, 00:22

Target

b8e6a1851d077383007b66d96deca1451a79c1c5a55a6e99e8ab7dc20d958a54.dll
Size

6KB
MD5

9730a5b3f8e23aac0dda58e75ff4fc8c
SHA1

50c6edd09ce1799c9f1975dd234c2906b627acee
SHA256

b8e6a1851d077383007b66d96deca1451a79c1c5a55a6e99e8ab7dc20d958a54
SHA512

e02261cc553186697c56624e22f5f4f66e85fef31dc0ecbfb4dac7d48a754cbafb0e47bb9f5d419c464906ba31c94d22fa6b00a1dd3d86486d1c4e89c5c0c1d0
SSDEEP

48:6AA35YVOQDV8FszwydlAYsLFV3G0oB+BDq9J5S2:0QDV8FscMjsLFV3AB+FqX5S2

Score

1^/10

Suspicious use of WriteProcessMemory 7 IoCs

description	pid	Process	procid_target
PID 1900 wrote to memory of 2080	1900	rundll32.exe	28
PID 1900 wrote to memory of 2080	1900	rundll32.exe	28
PID 1900 wrote to memory of 2080	1900	rundll32.exe	28
PID 1900 wrote to memory of 2080	1900	rundll32.exe	28
PID 1900 wrote to memory of 2080	1900	rundll32.exe	28
PID 1900 wrote to memory of 2080	1900	rundll32.exe	28
PID 1900 wrote to memory of 2080	1900	rundll32.exe	28

C:\Windows\system32\rundll32.exe
rundll32.exe C:\Users\Admin\AppData\Local\Temp\b8e6a1851d077383007b66d96deca1451a79c1c5a55a6e99e8ab7dc20d958a54.dll,#1
1⤵
- Suspicious use of WriteProcessMemory
PID:1900
- C:\Windows\SysWOW64\rundll32.exe
  rundll32.exe C:\Users\Admin\AppData\Local\Temp\b8e6a1851d077383007b66d96deca1451a79c1c5a55a6e99e8ab7dc20d958a54.dll,#1
  2⤵
  PID:2080