918fcc7565a6af5e4df4ef6fd9d3046734dd9887d8a4f7171c9af72d359e4f36

Analysis

max time kernel
122s
max time network
123s
platform
windows7_x64
resource
win7-20240215-en
resource tags

arch:x64arch:x86image:win7-20240215-enlocale:en-usos:windows7-x64system
submitted
20/04/2024, 00:15

Target

918fcc7565a6af5e4df4ef6fd9d3046734dd9887d8a4f7171c9af72d359e4f36.dll
Size

81KB
MD5

45e23654a89af90189683bc2ae6c568b
SHA1

9cc65602942e0914ed2f129f297ac89bca9624e1
SHA256

918fcc7565a6af5e4df4ef6fd9d3046734dd9887d8a4f7171c9af72d359e4f36
SHA512

1fd3b53a6ffd2364186541712601ab96a3374594c27e896c0104130ad89afa7bd87963140f288d4290c91f3305063d42f1c1f68a13b559f229620e83c2887be8
SSDEEP

1536:PByXv7uWGEqXZKXTadSp7Lxw9zzBPw+NASUSFOj8sWHcdF6+eXq8WT:ev4JKXTx71wnArSsXFpeXq8WT

Score

1^/10

Suspicious use of WriteProcessMemory 7 IoCs

description	pid	Process	procid_target
PID 2220 wrote to memory of 2720	2220	rundll32.exe	28
PID 2220 wrote to memory of 2720	2220	rundll32.exe	28
PID 2220 wrote to memory of 2720	2220	rundll32.exe	28
PID 2220 wrote to memory of 2720	2220	rundll32.exe	28
PID 2220 wrote to memory of 2720	2220	rundll32.exe	28
PID 2220 wrote to memory of 2720	2220	rundll32.exe	28
PID 2220 wrote to memory of 2720	2220	rundll32.exe	28

C:\Windows\system32\rundll32.exe
rundll32.exe C:\Users\Admin\AppData\Local\Temp\918fcc7565a6af5e4df4ef6fd9d3046734dd9887d8a4f7171c9af72d359e4f36.dll,#1
1⤵
- Suspicious use of WriteProcessMemory
PID:2220
- C:\Windows\SysWOW64\rundll32.exe
  rundll32.exe C:\Users\Admin\AppData\Local\Temp\918fcc7565a6af5e4df4ef6fd9d3046734dd9887d8a4f7171c9af72d359e4f36.dll,#1
  2⤵
  PID:2720