134a4ad59a0ee629ad88a85b6a034f8894d5b05bbf2085c3e360fcba2c88fdd7

Analysis

max time kernel
119s
max time network
119s
platform
windows7_x64
resource
win7-20240221-en
resource tags

arch:x64arch:x86image:win7-20240221-enlocale:en-usos:windows7-x64system
submitted
19/04/2024, 08:14

Target

134a4ad59a0ee629ad88a85b6a034f8894d5b05bbf2085c3e360fcba2c88fdd7.dll
Size

245KB
MD5

bc6535511919f5cc8e65ec2ee57e1000
SHA1

5e6c42efbc2571b490fac20edf412f76c99409fa
SHA256

134a4ad59a0ee629ad88a85b6a034f8894d5b05bbf2085c3e360fcba2c88fdd7
SHA512

592fa0caf38f8adf736601253fd8db9208b379b84d1124bd3492276bc0ebb6be13bbbcbb01d28b28edd61969f9066fb0ec8cad59e6b0d566ae5c150e044a8695
SSDEEP

6144:z68nG5wKRLI0cxAKM9Z26ZHgvKEnyEbN:z68Gha0laGgiEykN

Score

1^/10

Suspicious use of WriteProcessMemory 7 IoCs

description	pid	Process	procid_target
PID 2976 wrote to memory of 2980	2976	rundll32.exe	28
PID 2976 wrote to memory of 2980	2976	rundll32.exe	28
PID 2976 wrote to memory of 2980	2976	rundll32.exe	28
PID 2976 wrote to memory of 2980	2976	rundll32.exe	28
PID 2976 wrote to memory of 2980	2976	rundll32.exe	28
PID 2976 wrote to memory of 2980	2976	rundll32.exe	28
PID 2976 wrote to memory of 2980	2976	rundll32.exe	28

C:\Windows\system32\rundll32.exe
rundll32.exe C:\Users\Admin\AppData\Local\Temp\134a4ad59a0ee629ad88a85b6a034f8894d5b05bbf2085c3e360fcba2c88fdd7.dll,#1
1⤵
- Suspicious use of WriteProcessMemory
PID:2976
- C:\Windows\SysWOW64\rundll32.exe
  rundll32.exe C:\Users\Admin\AppData\Local\Temp\134a4ad59a0ee629ad88a85b6a034f8894d5b05bbf2085c3e360fcba2c88fdd7.dll,#1
  2⤵
  PID:2980