4bdc63acbbdc6f332d710327cae95825e517e5023c8c3d708433d4adbd905565

Analysis

max time kernel
0s
max time network
0s
platform
windows7_x64
resource
win7-20240221-en
resource tags

arch:x64arch:x86image:win7-20240221-enlocale:en-usos:windows7-x64system
submitted
10-04-2024 10:50

Target

4bdc63acbbdc6f332d710327cae95825e517e5023c8c3d708433d4adbd905565.dll
Size

1.2MB
MD5

cdb4cd72622317fd3203b5dd2da451a0
SHA1

60e59b18f77aa4ffe7b94300c2d0ae3f119c68b7
SHA256

4bdc63acbbdc6f332d710327cae95825e517e5023c8c3d708433d4adbd905565
SHA512

ce929a9c39d8feda6962412121c1fbc481885e8a4bef24c537aae655c0ecf52fda80af316ba945684517f4f7414f9ed58993d26369bab5731aa7c906501a364d
SSDEEP

24576:pQibYY78wW8JOrvATWW85EcdEz++cOciQtvlm/3L7zq1P/XooNQ+HOXhB:GwYYAwWb6l82Oqqvlm/PO1nbNnOX

Score

1^/10

Suspicious use of WriteProcessMemory 7 IoCs

description	pid	Process	procid_target
PID 1956 wrote to memory of 1648	1956	rundll32.exe	28
PID 1956 wrote to memory of 1648	1956	rundll32.exe	28
PID 1956 wrote to memory of 1648	1956	rundll32.exe	28
PID 1956 wrote to memory of 1648	1956	rundll32.exe	28
PID 1956 wrote to memory of 1648	1956	rundll32.exe	28
PID 1956 wrote to memory of 1648	1956	rundll32.exe	28
PID 1956 wrote to memory of 1648	1956	rundll32.exe	28

C:\Windows\system32\rundll32.exe
rundll32.exe C:\Users\Admin\AppData\Local\Temp\4bdc63acbbdc6f332d710327cae95825e517e5023c8c3d708433d4adbd905565.dll,#1
1⤵
- Suspicious use of WriteProcessMemory
PID:1956
- C:\Windows\SysWOW64\rundll32.exe
  rundll32.exe C:\Users\Admin\AppData\Local\Temp\4bdc63acbbdc6f332d710327cae95825e517e5023c8c3d708433d4adbd905565.dll,#1
  2⤵
  PID:1648

memory/1648-0-0x0000000010000000-0x0000000010137000-memory.dmp

Filesize
1.2MB

Download