21d6bfe3a4eaf64947adbba12f14bd26897aa441251ac0720454912bf80ea404

Analysis

max time kernel
121s
max time network
121s
platform
windows7_x64
resource
win7-20240508-en
resource tags

arch:x64arch:x86image:win7-20240508-enlocale:en-usos:windows7-x64system
submitted
14-05-2024 19:33

Target

21d6bfe3a4eaf64947adbba12f14bd26897aa441251ac0720454912bf80ea404.dll
Size

81KB
MD5

f08472b4ecfec2edf1c6aa8c7fafe208
SHA1

3bac37184ec5aa9552bfe956f37e061218d90864
SHA256

21d6bfe3a4eaf64947adbba12f14bd26897aa441251ac0720454912bf80ea404
SHA512

95391fce9933c5029fa63182c3d25d3d794da57ae876287fab43f8140c0d078cb26c34a315c6d9afc2ca505986e594008fd66ba17215b993493dec2bdc8aaed2
SSDEEP

1536:xtByXv7uWGEqXZKXTadSp7Lxw9zzBPw+iASUSFOj8sWHcdF7zenq8W0:x4v4JKXTx71w0ArSsXF3enq8W0

Score

1^/10

Suspicious use of WriteProcessMemory 7 IoCs

description	pid	Process	procid_target
PID 1912 wrote to memory of 2080	1912	rundll32.exe	28
PID 1912 wrote to memory of 2080	1912	rundll32.exe	28
PID 1912 wrote to memory of 2080	1912	rundll32.exe	28
PID 1912 wrote to memory of 2080	1912	rundll32.exe	28
PID 1912 wrote to memory of 2080	1912	rundll32.exe	28
PID 1912 wrote to memory of 2080	1912	rundll32.exe	28
PID 1912 wrote to memory of 2080	1912	rundll32.exe	28

C:\Windows\system32\rundll32.exe
rundll32.exe C:\Users\Admin\AppData\Local\Temp\21d6bfe3a4eaf64947adbba12f14bd26897aa441251ac0720454912bf80ea404.dll,#1
1⤵
- Suspicious use of WriteProcessMemory
PID:1912
- C:\Windows\SysWOW64\rundll32.exe
  rundll32.exe C:\Users\Admin\AppData\Local\Temp\21d6bfe3a4eaf64947adbba12f14bd26897aa441251ac0720454912bf80ea404.dll,#1
  2⤵
  PID:2080