a484d264916bfdd57631f15e987d8ddaae98daac5daf62a70081d12ab4fec533

Analysis

max time kernel
117s
max time network
118s
platform
windows7_x64
resource
win7-20240215-en
resource tags

arch:x64arch:x86image:win7-20240215-enlocale:en-usos:windows7-x64system
submitted
10/04/2024, 13:10

Target

a484d264916bfdd57631f15e987d8ddaae98daac5daf62a70081d12ab4fec533.dll
Size

46KB
MD5

dbad6b495cd89250fa8570859bfe4dcd
SHA1

1c70ccead809c792b35780d831e7ce123eaf0f68
SHA256

a484d264916bfdd57631f15e987d8ddaae98daac5daf62a70081d12ab4fec533
SHA512

642b9fb58f0b7de193fe7a7cb6874b3f375c79640bed33cb9b3cda1f780c56d081449899cf4e433c8c5a15a9546bb95d84e4df363479bbc33942ce987c901d5e
SSDEEP

768:muywzQxeL1kkidp8pyfkoqhHNOVpZSAq3O6w0:/Qxssp8pyfXqhkVqAb6w

Score

1^/10

Suspicious use of WriteProcessMemory 7 IoCs

description	pid	Process	procid_target
PID 1304 wrote to memory of 2212	1304	rundll32.exe	28
PID 1304 wrote to memory of 2212	1304	rundll32.exe	28
PID 1304 wrote to memory of 2212	1304	rundll32.exe	28
PID 1304 wrote to memory of 2212	1304	rundll32.exe	28
PID 1304 wrote to memory of 2212	1304	rundll32.exe	28
PID 1304 wrote to memory of 2212	1304	rundll32.exe	28
PID 1304 wrote to memory of 2212	1304	rundll32.exe	28

C:\Windows\system32\rundll32.exe
rundll32.exe C:\Users\Admin\AppData\Local\Temp\a484d264916bfdd57631f15e987d8ddaae98daac5daf62a70081d12ab4fec533.dll,#1
1⤵
- Suspicious use of WriteProcessMemory
PID:1304
- C:\Windows\SysWOW64\rundll32.exe
  rundll32.exe C:\Users\Admin\AppData\Local\Temp\a484d264916bfdd57631f15e987d8ddaae98daac5daf62a70081d12ab4fec533.dll,#1
  2⤵
  PID:2212

memory/2212-0-0x0000000010000000-0x000000001000F000-memory.dmp

Filesize
60KB

Download