dcdc99a71af2d3db2cb3004dd3e91a4908d71a876179b447ed116742cff8ba3b

Analysis

max time kernel
117s
max time network
121s
platform
windows7_x64
resource
win7-20240221-en
resource tags

arch:x64arch:x86image:win7-20240221-enlocale:en-usos:windows7-x64system
submitted
10-04-2024 07:58

Target

$TEMP/whatnot/failure/cgi-bin/sbsdiasymreader.dll
Size

5KB
MD5

ea10730088607402b9847df60ddf682b
SHA1

28b4b4232bfa6ca50a219c812662b814c92a934e
SHA256

f4f244516ff66af8827603af7adc897410760904067bccd793ce311c01e69daa
SHA512

ed723d3adf51e5fb89ee32c1b082f1bfe4c87b3e43c9c326054ab6c9133e16c130886ef9bd0990dc376fb620b67c3f070843114f4f75c3d5824a050b47403812
SSDEEP

48:C0ytDZk8cf6uE4PYPF18s42oTNZuvUtZWNHWHlDnIBSrSFg5WWrn56:7ytDZfcSu7gPF42ONY6Wt0JnIBdF0WP

Score

1^/10

Suspicious use of WriteProcessMemory 7 IoCs

Processes:

rundll32.exe

description	pid	process	target process
PID 1540 wrote to memory of 2692	1540	rundll32.exe	rundll32.exe
PID 1540 wrote to memory of 2692	1540	rundll32.exe	rundll32.exe
PID 1540 wrote to memory of 2692	1540	rundll32.exe	rundll32.exe
PID 1540 wrote to memory of 2692	1540	rundll32.exe	rundll32.exe
PID 1540 wrote to memory of 2692	1540	rundll32.exe	rundll32.exe
PID 1540 wrote to memory of 2692	1540	rundll32.exe	rundll32.exe
PID 1540 wrote to memory of 2692	1540	rundll32.exe	rundll32.exe

C:\Windows\system32\rundll32.exe
rundll32.exe C:\Users\Admin\AppData\Local\Temp\$TEMP\whatnot\failure\cgi-bin\sbsdiasymreader.dll,#1
1⤵
- Suspicious use of WriteProcessMemory
PID:1540

C:\Windows\SysWOW64\rundll32.exe
rundll32.exe C:\Users\Admin\AppData\Local\Temp\$TEMP\whatnot\failure\cgi-bin\sbsdiasymreader.dll,#1
2⤵
PID:2692