29dda0397c7c1bd5c3e6f0290ae89ff646b809fe400ad8af12e35a2c11967f54

Analysis

max time kernel
118s
max time network
118s
platform
windows7_x64
resource
win7-20240419-en
resource tags

arch:x64arch:x86image:win7-20240419-enlocale:en-usos:windows7-x64system
submitted
22-05-2024 19:57

Target

29dda0397c7c1bd5c3e6f0290ae89ff646b809fe400ad8af12e35a2c11967f54.dll
Size

329KB
MD5

1e42e4cbfe3119abc5a2b6c8c72346c7
SHA1

c569f724a10638a8769be0134c8b581b854de50e
SHA256

29dda0397c7c1bd5c3e6f0290ae89ff646b809fe400ad8af12e35a2c11967f54
SHA512

ecbc64099864f4eb31ec85abf812168b5e7bb81d7e128b7e9386e640e064c2fcc64b15a88213848815c9f2f286aa907ad4e84701d281d1af2d18246beaa305a8
SSDEEP

6144:RmWhxR1arY/PbgmFOabPIIBhJXAv7eTY9suz0xhttGSrDKE3KI6NSka8bP:RmWTR1arYnEKosuzY34CZ3D6NSkN

Score

1^/10

Suspicious use of WriteProcessMemory 7 IoCs

Processes:

rundll32.exe

description	pid	process	target process
PID 2256 wrote to memory of 2412	2256	rundll32.exe	rundll32.exe
PID 2256 wrote to memory of 2412	2256	rundll32.exe	rundll32.exe
PID 2256 wrote to memory of 2412	2256	rundll32.exe	rundll32.exe
PID 2256 wrote to memory of 2412	2256	rundll32.exe	rundll32.exe
PID 2256 wrote to memory of 2412	2256	rundll32.exe	rundll32.exe
PID 2256 wrote to memory of 2412	2256	rundll32.exe	rundll32.exe
PID 2256 wrote to memory of 2412	2256	rundll32.exe	rundll32.exe

C:\Windows\system32\rundll32.exe
rundll32.exe C:\Users\Admin\AppData\Local\Temp\29dda0397c7c1bd5c3e6f0290ae89ff646b809fe400ad8af12e35a2c11967f54.dll,#1
1⤵
- Suspicious use of WriteProcessMemory
PID:2256

C:\Windows\SysWOW64\rundll32.exe
rundll32.exe C:\Users\Admin\AppData\Local\Temp\29dda0397c7c1bd5c3e6f0290ae89ff646b809fe400ad8af12e35a2c11967f54.dll,#1
2⤵
PID:2412