d50c09b73439c9730f2cb224f900b0de3be7a6b659614fe6569b80d4c68970ad

Analysis

max time kernel
117s
max time network
118s
platform
windows7_x64
resource
win7-20240221-en
resource tags

arch:x64arch:x86image:win7-20240221-enlocale:en-usos:windows7-x64system
submitted
21-04-2024 01:33

Target

undtct.dll
Size

1015KB
MD5

3e9e02ce2b577d62b35c34aa6ec027e2
SHA1

9c464e6edc2e6a4bc17d28a68d5217a134b8f368
SHA256

2c81fcf3f79f98c78963da78d234dcf6dd36c9503438121d384b39edb0ca272b
SHA512

7eb9a3580ce664e78ccf89130581de6e5e816337f4953b192038baafd7ad163a096250aa2f93f4dab68dfec0e25987845777f70d37afd37bab73e793e680f68c
SSDEEP

12288:Cab/0Xn458xRrPzrUBHK5fhgxFmXEP2f7K46TnSEl1yt6zzng0LNU5w37A6Dv:ClXn458xRrPztgxoGRNU5w37J

Score

1^/10

Suspicious use of WriteProcessMemory 7 IoCs

Processes:

rundll32.exe

description	pid	process	target process
PID 2176 wrote to memory of 1920	2176	rundll32.exe	rundll32.exe
PID 2176 wrote to memory of 1920	2176	rundll32.exe	rundll32.exe
PID 2176 wrote to memory of 1920	2176	rundll32.exe	rundll32.exe
PID 2176 wrote to memory of 1920	2176	rundll32.exe	rundll32.exe
PID 2176 wrote to memory of 1920	2176	rundll32.exe	rundll32.exe
PID 2176 wrote to memory of 1920	2176	rundll32.exe	rundll32.exe
PID 2176 wrote to memory of 1920	2176	rundll32.exe	rundll32.exe

C:\Windows\system32\rundll32.exe
rundll32.exe C:\Users\Admin\AppData\Local\Temp\undtct.dll,#1
1⤵
- Suspicious use of WriteProcessMemory
PID:2176
- C:\Windows\SysWOW64\rundll32.exe
  rundll32.exe C:\Users\Admin\AppData\Local\Temp\undtct.dll,#1
  2⤵
  PID:1920