adb61bb5e3941e3824f57e98b2739a00ce4d6e3aa4af2257f99c9698f584753a

Analysis

max time kernel
120s
max time network
121s
platform
windows7_x64
resource
win7-20240220-en
resource tags

arch:x64arch:x86image:win7-20240220-enlocale:en-usos:windows7-x64system
submitted
10/04/2024, 13:24

Target

adb61bb5e3941e3824f57e98b2739a00ce4d6e3aa4af2257f99c9698f584753a.dll
Size

94KB
MD5

4ecd3c15c86bf968ecead45e71ec3d7e
SHA1

7322142fb443c4acf947d5228dd072f81b71c7c0
SHA256

adb61bb5e3941e3824f57e98b2739a00ce4d6e3aa4af2257f99c9698f584753a
SHA512

0763c2cc94858e5da86278d3c58d7dc71a1b0c1b90acaac282e546c566ec567518c90d3a9ed0f73340b4e49d8b49ce1bc54d18a36a424c1353330eabbc7451d8
SSDEEP

1536:1Osh+/q/x6rcJLaJ4srO5Vb9LFuY+b+B343/ZAzRsWZcdyuSW4d1uqenaQC:1/+S6rctaJ+5V5FuY+b+Mu4yuSW4d4qr

Score

1^/10

Suspicious use of WriteProcessMemory 7 IoCs

description	pid	Process	procid_target
PID 1984 wrote to memory of 300	1984	rundll32.exe	29
PID 1984 wrote to memory of 300	1984	rundll32.exe	29
PID 1984 wrote to memory of 300	1984	rundll32.exe	29
PID 1984 wrote to memory of 300	1984	rundll32.exe	29
PID 1984 wrote to memory of 300	1984	rundll32.exe	29
PID 1984 wrote to memory of 300	1984	rundll32.exe	29
PID 1984 wrote to memory of 300	1984	rundll32.exe	29

C:\Windows\system32\rundll32.exe
rundll32.exe C:\Users\Admin\AppData\Local\Temp\adb61bb5e3941e3824f57e98b2739a00ce4d6e3aa4af2257f99c9698f584753a.dll,#1
1⤵
- Suspicious use of WriteProcessMemory
PID:1984
- C:\Windows\SysWOW64\rundll32.exe
  rundll32.exe C:\Users\Admin\AppData\Local\Temp\adb61bb5e3941e3824f57e98b2739a00ce4d6e3aa4af2257f99c9698f584753a.dll,#1
  2⤵
  PID:300