94bde9717c0357767086057f3d5f1dd59a434d683e7071b5cec19c45573bb692

Analysis

max time kernel
120s
max time network
128s
platform
windows7_x64
resource
win7-20240221-en
resource tags

arch:x64arch:x86image:win7-20240221-enlocale:en-usos:windows7-x64system
submitted
10-04-2024 12:44

Target

94bde9717c0357767086057f3d5f1dd59a434d683e7071b5cec19c45573bb692.dll
Size

75KB
MD5

25f3da186447794de5af2fa3ff3bcf23
SHA1

107b0a1b3114fd5fab0c0750b858560f84011920
SHA256

94bde9717c0357767086057f3d5f1dd59a434d683e7071b5cec19c45573bb692
SHA512

254ee1554f4256c695e5edb5c1cd06328035ca140c9124ea78a72ca28280a6cd8da64752b6ccf72bffb3ace0cdef274da866c2009223dcce3ef14f5e04c791a8
SSDEEP

1536:YeKeS72DCcge+TXjgekohz3WudYDGlfZo+esWFcd7YGcIX/:o2DCNeAlkoYudYuCE7AIX/

Score

1^/10

Suspicious use of WriteProcessMemory 7 IoCs

description	pid	Process	procid_target
PID 2148 wrote to memory of 2288	2148	rundll32.exe	28
PID 2148 wrote to memory of 2288	2148	rundll32.exe	28
PID 2148 wrote to memory of 2288	2148	rundll32.exe	28
PID 2148 wrote to memory of 2288	2148	rundll32.exe	28
PID 2148 wrote to memory of 2288	2148	rundll32.exe	28
PID 2148 wrote to memory of 2288	2148	rundll32.exe	28
PID 2148 wrote to memory of 2288	2148	rundll32.exe	28

C:\Windows\system32\rundll32.exe
rundll32.exe C:\Users\Admin\AppData\Local\Temp\94bde9717c0357767086057f3d5f1dd59a434d683e7071b5cec19c45573bb692.dll,#1
1⤵
- Suspicious use of WriteProcessMemory
PID:2148
- C:\Windows\SysWOW64\rundll32.exe
  rundll32.exe C:\Users\Admin\AppData\Local\Temp\94bde9717c0357767086057f3d5f1dd59a434d683e7071b5cec19c45573bb692.dll,#1
  2⤵
  PID:2288