2f94353c35b0f877bd13a69216f4df8590cdf30b441513f4bdbe23f0becad448

Analysis

max time kernel
122s
max time network
124s
platform
windows7_x64
resource
win7-20240221-en
resource tags

arch:x64arch:x86image:win7-20240221-enlocale:en-usos:windows7-x64system
submitted
03/05/2024, 20:08

Target

2f94353c35b0f877bd13a69216f4df8590cdf30b441513f4bdbe23f0becad448.dll
Size

5KB
MD5

e2d0dd1c2dbbcbc949bac629e5ccd2b5
SHA1

04c013fc46e150f1f2305fcac0f2eb787e829488
SHA256

2f94353c35b0f877bd13a69216f4df8590cdf30b441513f4bdbe23f0becad448
SHA512

ac2da8c111fa914ed4e66296f19dc94d651f62e47ed060a2654b4e57ade69dc7d73cf5d72677e044df577cbf7449637df3a8e9a4a5a270f2c1ff0d30cf897479
SSDEEP

48:C6VonAHso6U7lYa92RrpjwDmetlG95hx+iMHhljs8hrWxRrCcWEzJ1B9mYPhUJDK:nEY2RrF1eqwi4HimcWgXwoXLi6Jdl

Score

1^/10

Suspicious use of WriteProcessMemory 7 IoCs

description	pid	Process	procid_target
PID 2020 wrote to memory of 1816	2020	rundll32.exe	28
PID 2020 wrote to memory of 1816	2020	rundll32.exe	28
PID 2020 wrote to memory of 1816	2020	rundll32.exe	28
PID 2020 wrote to memory of 1816	2020	rundll32.exe	28
PID 2020 wrote to memory of 1816	2020	rundll32.exe	28
PID 2020 wrote to memory of 1816	2020	rundll32.exe	28
PID 2020 wrote to memory of 1816	2020	rundll32.exe	28

C:\Windows\system32\rundll32.exe
rundll32.exe C:\Users\Admin\AppData\Local\Temp\2f94353c35b0f877bd13a69216f4df8590cdf30b441513f4bdbe23f0becad448.dll,#1
1⤵
- Suspicious use of WriteProcessMemory
PID:2020
- C:\Windows\SysWOW64\rundll32.exe
  rundll32.exe C:\Users\Admin\AppData\Local\Temp\2f94353c35b0f877bd13a69216f4df8590cdf30b441513f4bdbe23f0becad448.dll,#1
  2⤵
  PID:1816