a22363448325c3870ececd0c79220da9148716db50829cf79501306560f8f418

Analysis

max time kernel
120s
max time network
121s
platform
windows7_x64
resource
win7-20240221-en
resource tags

arch:x64arch:x86image:win7-20240221-enlocale:en-usos:windows7-x64system
submitted
21-05-2024 02:03

Target

a22363448325c3870ececd0c79220da9148716db50829cf79501306560f8f418.dll
Size

96KB
MD5

d3caf41cdf8142114caa54fff2aba2d5
SHA1

403295e80286698e64914c9a8730f710a47ee6b7
SHA256

a22363448325c3870ececd0c79220da9148716db50829cf79501306560f8f418
SHA512

37b14ea8c491113ca30af9aebd0634b6e926a37ad66c824b7f3b2bdb5eb1b499ff5a05ff56ba2f442c5e703364ad4df4968e387203f52d754223e8238eb177e9
SSDEEP

1536:YrHXsaP2+XvkbETeDDD2TdbM+l4irK1aK6Cry2rBStd/i:cP2+Xcb5KBrKqEMt

Score

1^/10

Suspicious use of WriteProcessMemory 7 IoCs

Processes:

rundll32.exe

description	pid	process	target process
PID 2880 wrote to memory of 2368	2880	rundll32.exe	rundll32.exe
PID 2880 wrote to memory of 2368	2880	rundll32.exe	rundll32.exe
PID 2880 wrote to memory of 2368	2880	rundll32.exe	rundll32.exe
PID 2880 wrote to memory of 2368	2880	rundll32.exe	rundll32.exe
PID 2880 wrote to memory of 2368	2880	rundll32.exe	rundll32.exe
PID 2880 wrote to memory of 2368	2880	rundll32.exe	rundll32.exe
PID 2880 wrote to memory of 2368	2880	rundll32.exe	rundll32.exe

C:\Windows\system32\rundll32.exe
rundll32.exe C:\Users\Admin\AppData\Local\Temp\a22363448325c3870ececd0c79220da9148716db50829cf79501306560f8f418.dll,#1
1⤵
- Suspicious use of WriteProcessMemory
PID:2880

C:\Windows\SysWOW64\rundll32.exe
rundll32.exe C:\Users\Admin\AppData\Local\Temp\a22363448325c3870ececd0c79220da9148716db50829cf79501306560f8f418.dll,#1
2⤵
PID:2368