38ee28ab76b98e83c9c756534ec9f6e79d6ebb07f5ce5ee63c1d5e725f7b836d

Analysis

max time kernel
120s
max time network
125s
platform
windows7_x64
resource
win7-20240221-en
resource tags

arch:x64arch:x86image:win7-20240221-enlocale:en-usos:windows7-x64system
submitted
22-05-2024 20:32

Target

38ee28ab76b98e83c9c756534ec9f6e79d6ebb07f5ce5ee63c1d5e725f7b836d.dll
Size

327KB
MD5

85de89b5446168a26a155e1365e64433
SHA1

53d4c14c628215e0e68695e71863132abcce8e9e
SHA256

38ee28ab76b98e83c9c756534ec9f6e79d6ebb07f5ce5ee63c1d5e725f7b836d
SHA512

2151dd418456571edef81cd6aaaf01a225ffefcd13620eecad367095dff42b6130701071c318de6c008c6587c0d16897394bbcc1d5ce31167cd1e5d92d336ba5
SSDEEP

6144:EmWPDNND9yRPzLq+YXFqaZiMLic9kzVd7EAC48Ss9Ei:EmWhND9yJz+b1FcMLmp2AT8Ssd

Score

1^/10

Suspicious use of WriteProcessMemory 7 IoCs

Processes:

rundll32.exe

description	pid	process	target process
PID 1368 wrote to memory of 1532	1368	rundll32.exe	rundll32.exe
PID 1368 wrote to memory of 1532	1368	rundll32.exe	rundll32.exe
PID 1368 wrote to memory of 1532	1368	rundll32.exe	rundll32.exe
PID 1368 wrote to memory of 1532	1368	rundll32.exe	rundll32.exe
PID 1368 wrote to memory of 1532	1368	rundll32.exe	rundll32.exe
PID 1368 wrote to memory of 1532	1368	rundll32.exe	rundll32.exe
PID 1368 wrote to memory of 1532	1368	rundll32.exe	rundll32.exe

C:\Windows\system32\rundll32.exe
rundll32.exe C:\Users\Admin\AppData\Local\Temp\38ee28ab76b98e83c9c756534ec9f6e79d6ebb07f5ce5ee63c1d5e725f7b836d.dll,#1
1⤵
- Suspicious use of WriteProcessMemory
PID:1368

C:\Windows\SysWOW64\rundll32.exe
rundll32.exe C:\Users\Admin\AppData\Local\Temp\38ee28ab76b98e83c9c756534ec9f6e79d6ebb07f5ce5ee63c1d5e725f7b836d.dll,#1
2⤵
PID:1532