2d0387017cc0127e03386adf68823e1a18aae76f1c11d9a1a38d530f60d5a950

Analysis

max time kernel
122s
max time network
125s
platform
windows7_x64
resource
win7-20240221-en
resource tags

arch:x64arch:x86image:win7-20240221-enlocale:en-usos:windows7-x64system
submitted
17-04-2024 19:56

Target

2d0387017cc0127e03386adf68823e1a18aae76f1c11d9a1a38d530f60d5a950.dll
Size

6KB
MD5

adaad0605f05a3167d7a2c22bd38fac6
SHA1

48f78ca40db1b0e1835494f4c39e0ab37dbc0a19
SHA256

2d0387017cc0127e03386adf68823e1a18aae76f1c11d9a1a38d530f60d5a950
SHA512

7a66227912197584e994a4d841a115986042e96f3fefdbc136c9873cfd26c982489f6f992962e4a19565a472cdbf8868f18da2bd7f9069178d5f33b1b75cd3e2
SSDEEP

192:F5oLX+vF+sOM7Yyb7GkaKuY+498v+FSk:F5mX+vuM7YyvGDKuYf8v+

Score

1^/10

Suspicious use of WriteProcessMemory 7 IoCs

description	pid	Process	procid_target
PID 2172 wrote to memory of 1920	2172	rundll32.exe	28
PID 2172 wrote to memory of 1920	2172	rundll32.exe	28
PID 2172 wrote to memory of 1920	2172	rundll32.exe	28
PID 2172 wrote to memory of 1920	2172	rundll32.exe	28
PID 2172 wrote to memory of 1920	2172	rundll32.exe	28
PID 2172 wrote to memory of 1920	2172	rundll32.exe	28
PID 2172 wrote to memory of 1920	2172	rundll32.exe	28

C:\Windows\system32\rundll32.exe
rundll32.exe C:\Users\Admin\AppData\Local\Temp\2d0387017cc0127e03386adf68823e1a18aae76f1c11d9a1a38d530f60d5a950.dll,#1
1⤵
- Suspicious use of WriteProcessMemory
PID:2172
- C:\Windows\SysWOW64\rundll32.exe
  rundll32.exe C:\Users\Admin\AppData\Local\Temp\2d0387017cc0127e03386adf68823e1a18aae76f1c11d9a1a38d530f60d5a950.dll,#1
  2⤵
  PID:1920