80139d11da5242f6570b185b1b3da692cb4d80a2f1724db459a4189c942c3db2

Analysis

max time kernel
120s
max time network
120s
platform
windows7_x64
resource
win7-20240508-en
resource tags

arch:x64arch:x86image:win7-20240508-enlocale:en-usos:windows7-x64system
submitted
23-05-2024 23:45

Target

80139d11da5242f6570b185b1b3da692cb4d80a2f1724db459a4189c942c3db2.dll
Size

6KB
MD5

ea19f7ea2247261ab137955c73b2d686
SHA1

03724a31e332cfa9a1396364d5f1c1c0c71dd20d
SHA256

80139d11da5242f6570b185b1b3da692cb4d80a2f1724db459a4189c942c3db2
SHA512

ea59007e17a87b409e4d2e9b2075c14a017677269aae3d6f6c958ab21895b8d94a2d3c0fcb31489595f6af2bc44680e2a17b2ac66ff945f42af069dd2e13b07a
SSDEEP

96:hy859x0P8Mas4FKvt8Up6pHsacE9+2RDwonbK5VNJLXDykV:F5oLwEvOu+HsacM+2R8obK5VNJLzykV

Score

1^/10

Suspicious use of WriteProcessMemory 7 IoCs

description	pid	Process	procid_target
PID 2296 wrote to memory of 2008	2296	rundll32.exe	28
PID 2296 wrote to memory of 2008	2296	rundll32.exe	28
PID 2296 wrote to memory of 2008	2296	rundll32.exe	28
PID 2296 wrote to memory of 2008	2296	rundll32.exe	28
PID 2296 wrote to memory of 2008	2296	rundll32.exe	28
PID 2296 wrote to memory of 2008	2296	rundll32.exe	28
PID 2296 wrote to memory of 2008	2296	rundll32.exe	28

C:\Windows\system32\rundll32.exe
rundll32.exe C:\Users\Admin\AppData\Local\Temp\80139d11da5242f6570b185b1b3da692cb4d80a2f1724db459a4189c942c3db2.dll,#1
1⤵
- Suspicious use of WriteProcessMemory
PID:2296
- C:\Windows\SysWOW64\rundll32.exe
  rundll32.exe C:\Users\Admin\AppData\Local\Temp\80139d11da5242f6570b185b1b3da692cb4d80a2f1724db459a4189c942c3db2.dll,#1
  2⤵
  PID:2008