505372990fc873d78cd4c78d8be38e651c76a38ad3e86d44fff8624201873621

Analysis

max time kernel
121s
max time network
127s
platform
windows7_x64
resource
win7-20240508-en
resource tags

arch:x64arch:x86image:win7-20240508-enlocale:en-usos:windows7-x64system
submitted
10-05-2024 21:12

Target

505372990fc873d78cd4c78d8be38e651c76a38ad3e86d44fff8624201873621.dll
Size

30KB
MD5

afd7c04b94665a11db3364e45d96b5eb
SHA1

509d7123469e182d010ff424ed0cbfa70d6faa54
SHA256

505372990fc873d78cd4c78d8be38e651c76a38ad3e86d44fff8624201873621
SHA512

5c1b3101b51b23f537e0575225a71d89b5f7d4f701ef70ec53171dce6ebc453beca1b6630f7becab5c6420a64d60ebc3762cebe404f0a22b699249dec05994c7
SSDEEP

384:vdadtlzvYYP1tUzR16WQ91qQ1Ru15IvWmvI/yMrNtOE:vEHmRe2E6IWmvuyG

Score

1^/10

Suspicious use of WriteProcessMemory 7 IoCs

description	pid	Process	procid_target
PID 3016 wrote to memory of 2192	3016	rundll32.exe	28
PID 3016 wrote to memory of 2192	3016	rundll32.exe	28
PID 3016 wrote to memory of 2192	3016	rundll32.exe	28
PID 3016 wrote to memory of 2192	3016	rundll32.exe	28
PID 3016 wrote to memory of 2192	3016	rundll32.exe	28
PID 3016 wrote to memory of 2192	3016	rundll32.exe	28
PID 3016 wrote to memory of 2192	3016	rundll32.exe	28

C:\Windows\system32\rundll32.exe
rundll32.exe C:\Users\Admin\AppData\Local\Temp\505372990fc873d78cd4c78d8be38e651c76a38ad3e86d44fff8624201873621.dll,#1
1⤵
- Suspicious use of WriteProcessMemory
PID:3016
- C:\Windows\SysWOW64\rundll32.exe
  rundll32.exe C:\Users\Admin\AppData\Local\Temp\505372990fc873d78cd4c78d8be38e651c76a38ad3e86d44fff8624201873621.dll,#1
  2⤵
  PID:2192