61237d58a67ca3250baf08c968032a8f7e66b0e1126c1e0c8f3c040967da5684

Analysis

max time kernel
122s
max time network
123s
platform
windows7_x64
resource
win7-20240221-en
resource tags

arch:x64arch:x86image:win7-20240221-enlocale:en-usos:windows7-x64system
submitted
11-05-2024 11:14

Target

61237d58a67ca3250baf08c968032a8f7e66b0e1126c1e0c8f3c040967da5684.dll
Size

160KB
MD5

4c2ec1df0f31f0979b919c14a0363a35
SHA1

7ace8d116f29450f7fdd918709fe58e535020efb
SHA256

61237d58a67ca3250baf08c968032a8f7e66b0e1126c1e0c8f3c040967da5684
SHA512

aa222babb41da54ea766c2e66500aaa8097a5688b3ccb18fd45035f68a916da1f335e555db4b66a54b00d1f8064a38b777f04910de3bbe96ddf8916b470957f0
SSDEEP

3072:I02rPPBHaDJRCP5otSUrUXk4bAtcryyYbQ0ngzJKYF5Q:wrPPyJgPuU3bAZFn8F5

Score

1^/10

Suspicious use of WriteProcessMemory 7 IoCs

Processes:

rundll32.exe

description	pid	process	target process
PID 2972 wrote to memory of 2308	2972	rundll32.exe	rundll32.exe
PID 2972 wrote to memory of 2308	2972	rundll32.exe	rundll32.exe
PID 2972 wrote to memory of 2308	2972	rundll32.exe	rundll32.exe
PID 2972 wrote to memory of 2308	2972	rundll32.exe	rundll32.exe
PID 2972 wrote to memory of 2308	2972	rundll32.exe	rundll32.exe
PID 2972 wrote to memory of 2308	2972	rundll32.exe	rundll32.exe
PID 2972 wrote to memory of 2308	2972	rundll32.exe	rundll32.exe

C:\Windows\system32\rundll32.exe
rundll32.exe C:\Users\Admin\AppData\Local\Temp\61237d58a67ca3250baf08c968032a8f7e66b0e1126c1e0c8f3c040967da5684.dll,#1
1⤵
- Suspicious use of WriteProcessMemory
PID:2972

C:\Windows\SysWOW64\rundll32.exe
rundll32.exe C:\Users\Admin\AppData\Local\Temp\61237d58a67ca3250baf08c968032a8f7e66b0e1126c1e0c8f3c040967da5684.dll,#1
2⤵
PID:2308