9a798e0b14004e01c5f336aeb471816c11a62af851b1a0f36284078b8cf09847

Analysis

max time kernel
122s
max time network
126s
platform
windows7_x64
resource
win7-20240221-en
resource tags

arch:x64arch:x86image:win7-20240221-enlocale:en-usos:windows7-x64system
submitted
10-04-2024 07:45

Target

9a798e0b14004e01c5f336aeb471816c11a62af851b1a0f36284078b8cf09847.dll
Size

10KB
MD5

2b9d21311c803ca26fa9741b37882c11
SHA1

e9db80181b228d347e8a0c1f5fd3487c143bfd3f
SHA256

9a798e0b14004e01c5f336aeb471816c11a62af851b1a0f36284078b8cf09847
SHA512

4192d5f366bbea89dc2ad952b8e53c8b18ff5bf55a5874da82e69d58a29ec75b22dea002891d2a2bb520541e011e8b16d2722fd473dc975c699af51895106abd
SSDEEP

96:F8rQHrAtJf7y8uRWzBFuZo9fPXxJJ+uZOvsghenGqsjfhDQrOPyNN:DLWJf28wWzBgZ4ZO5eYRQrlN

Score

1^/10

Suspicious use of WriteProcessMemory 3 IoCs

description	pid	Process	procid_target
PID 1880 wrote to memory of 3012	1880	rundll32.exe	28
PID 1880 wrote to memory of 3012	1880	rundll32.exe	28
PID 1880 wrote to memory of 3012	1880	rundll32.exe	28

C:\Windows\system32\rundll32.exe
rundll32.exe C:\Users\Admin\AppData\Local\Temp\9a798e0b14004e01c5f336aeb471816c11a62af851b1a0f36284078b8cf09847.dll,#1
1⤵
- Suspicious use of WriteProcessMemory
PID:1880
- C:\Windows\system32\cmd.exe
  C:\Windows\system32\cmd.exe /c command.cmd
  2⤵
  PID:3012