36feb592174c288ff70526a4d5ce2914f5be0ae21094af34f31e05539c8acb89

Analysis

max time kernel
118s
max time network
123s
platform
windows7_x64
resource
win7-20240221-en
resource tags

arch:x64arch:x86image:win7-20240221-enlocale:en-usos:windows7-x64system
submitted
09-04-2024 23:10

Target

a7e91e0e2f1fbc1aeeb7801713c89432.dll
Size

7KB
MD5

a7e91e0e2f1fbc1aeeb7801713c89432
SHA1

6f9915e6e39d39472f6b2151ec626be86d966b96
SHA256

36feb592174c288ff70526a4d5ce2914f5be0ae21094af34f31e05539c8acb89
SHA512

553c25a8a2395274f5391335143d58811aac497c6c9a300f89e8d723db61fd3fa2573cd2d57b4e780d641d7f1268aa9601ec535d32dd901279a5f412d33a7c6a
SSDEEP

48:66ay5YVO3EVkApc2wp8hH1NZn5EquglQ067YbPWfbABbgL3q9J5S2hmc:b3EVkApcX4Hiv0hbPtq3qX5S2hV

Score

1^/10

Suspicious use of WriteProcessMemory 7 IoCs

description	pid	Process	procid_target
PID 2008 wrote to memory of 2184	2008	rundll32.exe	28
PID 2008 wrote to memory of 2184	2008	rundll32.exe	28
PID 2008 wrote to memory of 2184	2008	rundll32.exe	28
PID 2008 wrote to memory of 2184	2008	rundll32.exe	28
PID 2008 wrote to memory of 2184	2008	rundll32.exe	28
PID 2008 wrote to memory of 2184	2008	rundll32.exe	28
PID 2008 wrote to memory of 2184	2008	rundll32.exe	28

C:\Windows\system32\rundll32.exe
rundll32.exe C:\Users\Admin\AppData\Local\Temp\a7e91e0e2f1fbc1aeeb7801713c89432.dll,#1
1⤵
- Suspicious use of WriteProcessMemory
PID:2008
- C:\Windows\SysWOW64\rundll32.exe
  rundll32.exe C:\Users\Admin\AppData\Local\Temp\a7e91e0e2f1fbc1aeeb7801713c89432.dll,#1
  2⤵
  PID:2184