0562822c73f620b6a861927504487065fb1dc954a49af7261d70397071714a65

Analysis

max time kernel
117s
max time network
118s
platform
windows7_x64
resource
win7-20240508-en
resource tags

arch:x64arch:x86image:win7-20240508-enlocale:en-usos:windows7-x64system
submitted
21-05-2024 19:46

Target

$PLUGINSDIR/BDLogicUtils.dll
Size

932KB
MD5

976ff4f351761512bbd49c3a90d2e1c9
SHA1

f7cd057dd442236247b511c3b50bc99874f56d32
SHA256

7c617719b02e215223dd847da5a02de9251212f1b1302f48dddf398069c3cf05
SHA512

f943a6156f46fd08f360e6b157e02d5c2ce67437d250f51303455b499a1a8be31b24df25f1c7606c7ec492af514847fc957f0cb542fb44f0741cc9e16bdec3d2
SSDEEP

12288:fNB+zZcpSrJKYh7WNPbEU2sZkZQjK0aYxKsD/a6TNrtpGhrtl:fNwzVKU7WFj2wk6OgD/a6TRt4rt

Score

1^/10

Suspicious use of WriteProcessMemory 7 IoCs

Processes:

rundll32.exe

description	pid	process	target process
PID 2432 wrote to memory of 2216	2432	rundll32.exe	rundll32.exe
PID 2432 wrote to memory of 2216	2432	rundll32.exe	rundll32.exe
PID 2432 wrote to memory of 2216	2432	rundll32.exe	rundll32.exe
PID 2432 wrote to memory of 2216	2432	rundll32.exe	rundll32.exe
PID 2432 wrote to memory of 2216	2432	rundll32.exe	rundll32.exe
PID 2432 wrote to memory of 2216	2432	rundll32.exe	rundll32.exe
PID 2432 wrote to memory of 2216	2432	rundll32.exe	rundll32.exe

C:\Windows\system32\rundll32.exe
rundll32.exe C:\Users\Admin\AppData\Local\Temp\$PLUGINSDIR\BDLogicUtils.dll,#1
1⤵
- Suspicious use of WriteProcessMemory
PID:2432

C:\Windows\SysWOW64\rundll32.exe
rundll32.exe C:\Users\Admin\AppData\Local\Temp\$PLUGINSDIR\BDLogicUtils.dll,#1
2⤵
PID:2216