60159e0f58600c140ca618c856eb24ee30bc8b10c13b78caefa14a4cfacb7516

Analysis

max time kernel
122s
max time network
123s
platform
windows7_x64
resource
win7-20240508-en
resource tags

arch:x64arch:x86image:win7-20240508-enlocale:en-usos:windows7-x64system
submitted
23-05-2024 00:16

Target

60159e0f58600c140ca618c856eb24ee30bc8b10c13b78caefa14a4cfacb7516.dll
Size

81KB
MD5

b2dcdbe5f14e66861493bb5f56802310
SHA1

b4dbbd12d85e0af04641730c6abd344af0c149c3
SHA256

60159e0f58600c140ca618c856eb24ee30bc8b10c13b78caefa14a4cfacb7516
SHA512

7426d019b08a484dbc659713178825019b41982db217c62b5cbb8bf8afc9ba53f8a5bbffb273c9e7985c8dd7e84bfb858b86ef3e14af24130e319a4b06cb6079
SSDEEP

1536:KtByXv7uWGEqXZKXTadSp7Lxw9zzBPw+iASUSFOj8sWHcdF7zenq8WR:K4v4JKXTx71w0ArSsXF3enq8WR

Score

1^/10

Suspicious use of WriteProcessMemory 7 IoCs

Processes:

rundll32.exe

description	pid	process	target process
PID 1768 wrote to memory of 1924	1768	rundll32.exe	rundll32.exe
PID 1768 wrote to memory of 1924	1768	rundll32.exe	rundll32.exe
PID 1768 wrote to memory of 1924	1768	rundll32.exe	rundll32.exe
PID 1768 wrote to memory of 1924	1768	rundll32.exe	rundll32.exe
PID 1768 wrote to memory of 1924	1768	rundll32.exe	rundll32.exe
PID 1768 wrote to memory of 1924	1768	rundll32.exe	rundll32.exe
PID 1768 wrote to memory of 1924	1768	rundll32.exe	rundll32.exe

C:\Windows\system32\rundll32.exe
rundll32.exe C:\Users\Admin\AppData\Local\Temp\60159e0f58600c140ca618c856eb24ee30bc8b10c13b78caefa14a4cfacb7516.dll,#1
1⤵
- Suspicious use of WriteProcessMemory
PID:1768

C:\Windows\SysWOW64\rundll32.exe
rundll32.exe C:\Users\Admin\AppData\Local\Temp\60159e0f58600c140ca618c856eb24ee30bc8b10c13b78caefa14a4cfacb7516.dll,#1
2⤵
PID:1924