fec378a6f00c5d88c83e8d5f12891a6037eb1d1b28d9b55256e1cf16568b7d9d

Analysis

max time kernel
117s
max time network
122s
platform
windows7_x64
resource
win7-20240221-en
resource tags

arch:x64arch:x86image:win7-20240221-enlocale:en-usos:windows7-x64system
submitted
16/04/2024, 15:20

Target

$PLUGINSDIR/InstallOptions.dll
Size

13KB
MD5

ad55f1196c55671c379561dd408b7403
SHA1

44907c7219a4e9c8bca9f61394319b36433fd5ea
SHA256

9bb1437c6e7ad7d9100f4c6b9cefa5d213b949d2be4298f01e43a06312ea5564
SHA512

dd82d22aacc50a52244a22c34490e3a31ca9dd51317bef5fa5ed1e5340c974230c20491a507b454a9c37a61cf8770662c1c1b84df7d518e25e38456cb65896d7
SSDEEP

192:FTmFxiXTQdQbg9FkGuz9lBDpO5DwbgUojcA96lK72dwF7dBG0y:FTmriEdYQFkGUlI6vojj6l+BGt

Score

1^/10

Suspicious use of WriteProcessMemory 7 IoCs

description	pid	Process	procid_target
PID 1524 wrote to memory of 2024	1524	rundll32.exe	28
PID 1524 wrote to memory of 2024	1524	rundll32.exe	28
PID 1524 wrote to memory of 2024	1524	rundll32.exe	28
PID 1524 wrote to memory of 2024	1524	rundll32.exe	28
PID 1524 wrote to memory of 2024	1524	rundll32.exe	28
PID 1524 wrote to memory of 2024	1524	rundll32.exe	28
PID 1524 wrote to memory of 2024	1524	rundll32.exe	28

C:\Windows\system32\rundll32.exe
rundll32.exe C:\Users\Admin\AppData\Local\Temp\$PLUGINSDIR\InstallOptions.dll,#1
1⤵
- Suspicious use of WriteProcessMemory
PID:1524
- C:\Windows\SysWOW64\rundll32.exe
  rundll32.exe C:\Users\Admin\AppData\Local\Temp\$PLUGINSDIR\InstallOptions.dll,#1
  2⤵
  PID:2024