a1cba053205159b6b8a43ecf2478c2647a17dda65d5f388260f03ed08ffcbffc

Analysis

max time kernel
119s
max time network
125s
platform
windows7_x64
resource
win7-20240221-en
resource tags

arch:x64arch:x86image:win7-20240221-enlocale:en-usos:windows7-x64system
submitted
18-04-2024 00:50

Target

a1cba053205159b6b8a43ecf2478c2647a17dda65d5f388260f03ed08ffcbffc.dll
Size

6KB
MD5

7b8d74a30dfad35252cd8eadca0c7f77
SHA1

cac09054b298e4861e2e24f715a2a9ca78d56efb
SHA256

a1cba053205159b6b8a43ecf2478c2647a17dda65d5f388260f03ed08ffcbffc
SHA512

97b0da64144c8932021991225cebb1d7f4d9299853635fbed7b559c5790d4eaedbe50cd830e6b18af5e160dfa349c8876f7800c000704d8f2681fdd7356ae27d
SSDEEP

96:hy859x0P8MamTMR06jWQLl42vqVWJtn1lF:F5oLNMK6jDdiVo91P

Score

1^/10

Suspicious use of WriteProcessMemory 7 IoCs

description	pid	Process	procid_target
PID 1928 wrote to memory of 1740	1928	rundll32.exe	28
PID 1928 wrote to memory of 1740	1928	rundll32.exe	28
PID 1928 wrote to memory of 1740	1928	rundll32.exe	28
PID 1928 wrote to memory of 1740	1928	rundll32.exe	28
PID 1928 wrote to memory of 1740	1928	rundll32.exe	28
PID 1928 wrote to memory of 1740	1928	rundll32.exe	28
PID 1928 wrote to memory of 1740	1928	rundll32.exe	28

C:\Windows\system32\rundll32.exe
rundll32.exe C:\Users\Admin\AppData\Local\Temp\a1cba053205159b6b8a43ecf2478c2647a17dda65d5f388260f03ed08ffcbffc.dll,#1
1⤵
- Suspicious use of WriteProcessMemory
PID:1928
- C:\Windows\SysWOW64\rundll32.exe
  rundll32.exe C:\Users\Admin\AppData\Local\Temp\a1cba053205159b6b8a43ecf2478c2647a17dda65d5f388260f03ed08ffcbffc.dll,#1
  2⤵
  PID:1740