5461d517c7cd3a86cf7011b09d357fd42abbfe2d34d516e9051a5a9557440ff0

Analysis

max time kernel
120s
max time network
120s
platform
windows7_x64
resource
win7-20240508-en
resource tags

arch:x64arch:x86image:win7-20240508-enlocale:en-usos:windows7-x64system
submitted
22-05-2024 23:11

Target

5461d517c7cd3a86cf7011b09d357fd42abbfe2d34d516e9051a5a9557440ff0.dll
Size

380KB
MD5

61b70355d9ed7521d8f66406a72893b0
SHA1

580978b8f6f87a51cc937d044d7b08ab96cb548d
SHA256

5461d517c7cd3a86cf7011b09d357fd42abbfe2d34d516e9051a5a9557440ff0
SHA512

b7c6f018cfbfdb08d5d3efa52846a0a0d20ec65a5e93991932bfebbe62bf403f17a4b3d59bb23e72c232e0765c707faad4cebef6f192486becf93b481162d387
SSDEEP

6144:Vzb1qGN520kAltKaP21FwBgXEM4o6vHewpPRrj5Q:Vzb1z73tKaP21FwBIv4ZvXb5

Score

1^/10

Suspicious use of WriteProcessMemory 7 IoCs

Processes:

rundll32.exe

description	pid	process	target process
PID 2992 wrote to memory of 3000	2992	rundll32.exe	rundll32.exe
PID 2992 wrote to memory of 3000	2992	rundll32.exe	rundll32.exe
PID 2992 wrote to memory of 3000	2992	rundll32.exe	rundll32.exe
PID 2992 wrote to memory of 3000	2992	rundll32.exe	rundll32.exe
PID 2992 wrote to memory of 3000	2992	rundll32.exe	rundll32.exe
PID 2992 wrote to memory of 3000	2992	rundll32.exe	rundll32.exe
PID 2992 wrote to memory of 3000	2992	rundll32.exe	rundll32.exe

C:\Windows\system32\rundll32.exe
rundll32.exe C:\Users\Admin\AppData\Local\Temp\5461d517c7cd3a86cf7011b09d357fd42abbfe2d34d516e9051a5a9557440ff0.dll,#1
1⤵
- Suspicious use of WriteProcessMemory
PID:2992

C:\Windows\SysWOW64\rundll32.exe
rundll32.exe C:\Users\Admin\AppData\Local\Temp\5461d517c7cd3a86cf7011b09d357fd42abbfe2d34d516e9051a5a9557440ff0.dll,#1
2⤵
PID:3000