f0faee8ef4f7724e7defc6e54ea8dbfab3a0ff9270f734c1bd081c856a690fb3

Analysis

max time kernel
121s
max time network
122s
platform
windows7_x64
resource
win7-20240221-en
resource tags

arch:x64arch:x86image:win7-20240221-enlocale:en-usos:windows7-x64system
submitted
22/05/2024, 10:11

Target

XPICONS.dll
Size

296KB
MD5

414234fbdd6dd6422bd551ca8f155b44
SHA1

87807abaee64489803e2d975dbe7243d5fe990df
SHA256

30f500516f17494a1d2638fcba5e3e85dd105051cfb0d765fb7f927b456f090f
SHA512

dc28d2dfcb447ffad046377f3bb8e3a851dd62c18fdcc3834561c45e3d068e73b4cc76f2ec38d7abccd9f3c53ff5cb85455e6fdf4cc38ca939fb70fa8e2b2414
SSDEEP

3072:mPRiDtdmBydy6HfYZ3qs45/9CdW2MV3royMphYAbcl3EPl3iDIWrWP6tYD6:mPBUdlYos451Cc2MVbwaZQZiD/6i

Score

1^/10

Suspicious use of WriteProcessMemory 7 IoCs

description	pid	Process	procid_target
PID 2000 wrote to memory of 1612	2000	rundll32.exe	28
PID 2000 wrote to memory of 1612	2000	rundll32.exe	28
PID 2000 wrote to memory of 1612	2000	rundll32.exe	28
PID 2000 wrote to memory of 1612	2000	rundll32.exe	28
PID 2000 wrote to memory of 1612	2000	rundll32.exe	28
PID 2000 wrote to memory of 1612	2000	rundll32.exe	28
PID 2000 wrote to memory of 1612	2000	rundll32.exe	28

C:\Windows\system32\rundll32.exe
rundll32.exe C:\Users\Admin\AppData\Local\Temp\XPICONS.dll,#1
1⤵
- Suspicious use of WriteProcessMemory
PID:2000
- C:\Windows\SysWOW64\rundll32.exe
  rundll32.exe C:\Users\Admin\AppData\Local\Temp\XPICONS.dll,#1
  2⤵
  PID:1612