9b5aef9e35c2888bd6a868957cfa3cd6e242ddee1eac0c99eb5e91f7bcb475ed

Analysis

max time kernel
120s
max time network
125s
platform
windows7_x64
resource
win7-20240221-en
resource tags

arch:x64arch:x86image:win7-20240221-enlocale:en-usos:windows7-x64system
submitted
21/05/2024, 01:45

Target

9b5aef9e35c2888bd6a868957cfa3cd6e242ddee1eac0c99eb5e91f7bcb475ed.dll
Size

81KB
MD5

5ee2d995f9dd3704ecdf56c197a026eb
SHA1

626bdb1ef773423b6ad466fea04f3a40227fdd91
SHA256

9b5aef9e35c2888bd6a868957cfa3cd6e242ddee1eac0c99eb5e91f7bcb475ed
SHA512

4c34fa884c32d6433394d2e9708cf601401e18d5d0af5f56d7c38d6a060493f187781c6df7e55a0a955a03ac4af19db0adc7486744dabd4b0c3838f0a0ab5889
SSDEEP

1536:+tByXv7uWGEqXZKXTadSp7Lxw9zzBPw+iASUSFOj8sWHcdF7zenq8WJ:+4v4JKXTx71w0ArSsXF3enq8WJ

Score

1^/10

Suspicious use of WriteProcessMemory 7 IoCs

description	pid	Process	procid_target
PID 2884 wrote to memory of 2600	2884	rundll32.exe	28
PID 2884 wrote to memory of 2600	2884	rundll32.exe	28
PID 2884 wrote to memory of 2600	2884	rundll32.exe	28
PID 2884 wrote to memory of 2600	2884	rundll32.exe	28
PID 2884 wrote to memory of 2600	2884	rundll32.exe	28
PID 2884 wrote to memory of 2600	2884	rundll32.exe	28
PID 2884 wrote to memory of 2600	2884	rundll32.exe	28

C:\Windows\system32\rundll32.exe
rundll32.exe C:\Users\Admin\AppData\Local\Temp\9b5aef9e35c2888bd6a868957cfa3cd6e242ddee1eac0c99eb5e91f7bcb475ed.dll,#1
1⤵
- Suspicious use of WriteProcessMemory
PID:2884
- C:\Windows\SysWOW64\rundll32.exe
  rundll32.exe C:\Users\Admin\AppData\Local\Temp\9b5aef9e35c2888bd6a868957cfa3cd6e242ddee1eac0c99eb5e91f7bcb475ed.dll,#1
  2⤵
  PID:2600