099e7e1c85b8ef996f0e4c4098a71fb232cf2f9bc0d6eb630ff61971330d1e1e

Analysis

max time kernel
118s
max time network
123s
platform
windows7_x64
resource
win7-20240221-en
resource tags

arch:x64arch:x86image:win7-20240221-enlocale:en-usos:windows7-x64system
submitted
21/05/2024, 05:52

Target

crtdll.dll
Size

145KB
MD5

fcc8f25a5f5a4d6bd57d917db7a00d78
SHA1

917a9fd1592f24aac940661b0ea2a4a45104f77f
SHA256

099e7e1c85b8ef996f0e4c4098a71fb232cf2f9bc0d6eb630ff61971330d1e1e
SHA512

1890b23e661173b1144dd2ff2ceb86c180fb962a8104187d4da39a193788de51f999a30dc0b50982f682c8ac6d34e42a6de10b98430102ca21edd3fe9c3c2d36
SSDEEP

3072:7YE0B+OKTQ8LHuwxBUfO2l2WwBwJP9O25UTJsQ6CALbkyK+AlZYQob6e8NBK9aQs:sp+OKTQ87uwxpdWkwJFORJsQ6CALbkdt

Score

1^/10

Suspicious use of WriteProcessMemory 7 IoCs

description	pid	Process	procid_target
PID 2224 wrote to memory of 2816	2224	rundll32.exe	28
PID 2224 wrote to memory of 2816	2224	rundll32.exe	28
PID 2224 wrote to memory of 2816	2224	rundll32.exe	28
PID 2224 wrote to memory of 2816	2224	rundll32.exe	28
PID 2224 wrote to memory of 2816	2224	rundll32.exe	28
PID 2224 wrote to memory of 2816	2224	rundll32.exe	28
PID 2224 wrote to memory of 2816	2224	rundll32.exe	28

C:\Windows\system32\rundll32.exe
rundll32.exe C:\Users\Admin\AppData\Local\Temp\crtdll.dll,#1
1⤵
- Suspicious use of WriteProcessMemory
PID:2224
- C:\Windows\SysWOW64\rundll32.exe
  rundll32.exe C:\Users\Admin\AppData\Local\Temp\crtdll.dll,#1
  2⤵
  PID:2816