d5921c53db3576bb6959b28aa641f5163c39de4d16dd53332268ba0a0e5e9f63

Analysis

max time kernel
121s
max time network
122s
platform
windows7_x64
resource
win7-20240215-en
resource tags

arch:x64arch:x86image:win7-20240215-enlocale:en-usos:windows7-x64system
submitted
28/04/2024, 21:05

Target

5x/41919a56cab4ed4433a4d7701791111bf3aa58720719530432365d9ddea16845.dll
Size

35KB
MD5

01f9000bd760637b4da87c0ad5ec3dd9
SHA1

f73831de21f7f0eed5311c13dc9465670e17a1e7
SHA256

41919a56cab4ed4433a4d7701791111bf3aa58720719530432365d9ddea16845
SHA512

38555fe4a47670c56e42e841e333a4c59f62d812e154f97a9c482e9cebe5b6574371520643ea8c3f25b6191c586134c16ec00ff34326514d277232a8ee4c5100
SSDEEP

768:HJE27aTtnwc/rPbBYusjTDy182R7axGLbmC0Ld2H:HJIv6/jTDhWmxGLbmRd

Score

1^/10

Suspicious use of WriteProcessMemory 7 IoCs

description	pid	Process	procid_target
PID 2936 wrote to memory of 3024	2936	rundll32.exe	28
PID 2936 wrote to memory of 3024	2936	rundll32.exe	28
PID 2936 wrote to memory of 3024	2936	rundll32.exe	28
PID 2936 wrote to memory of 3024	2936	rundll32.exe	28
PID 2936 wrote to memory of 3024	2936	rundll32.exe	28
PID 2936 wrote to memory of 3024	2936	rundll32.exe	28
PID 2936 wrote to memory of 3024	2936	rundll32.exe	28

C:\Windows\system32\rundll32.exe
rundll32.exe C:\Users\Admin\AppData\Local\Temp\5x\41919a56cab4ed4433a4d7701791111bf3aa58720719530432365d9ddea16845.dll,#1
1⤵
- Suspicious use of WriteProcessMemory
PID:2936
- C:\Windows\SysWOW64\rundll32.exe
  rundll32.exe C:\Users\Admin\AppData\Local\Temp\5x\41919a56cab4ed4433a4d7701791111bf3aa58720719530432365d9ddea16845.dll,#1
  2⤵
  PID:3024