a4b2b9fc3e1f31b36a799145816fdbf6698239b4d544361bc9e9451123d621de

Analysis

max time kernel
118s
max time network
118s
platform
windows7_x64
resource
win7-20240508-en
resource tags

arch:x64arch:x86image:win7-20240508-enlocale:en-usos:windows7-x64system
submitted
23-05-2024 01:21

Target

a4b2b9fc3e1f31b36a799145816fdbf6698239b4d544361bc9e9451123d621de.dll
Size

166KB
MD5

e199ed7d98e468dcc8340df1f0dff14c
SHA1

1cb029da465634797310e1f4fb6f016c809d13fb
SHA256

a4b2b9fc3e1f31b36a799145816fdbf6698239b4d544361bc9e9451123d621de
SHA512

8574cd7d237e9f8f535f956a4c68158395caf243e9b17203d90b8e80b4cf07c4deda1c33b2d5f63a1e1edf3437d3d062dd29f2237837b2b3996131fa93fe5f9d
SSDEEP

3072:nwH0WGeV3AaC7ydwgaRUqpVURkr1EhnzAPJvgb:n40o3AaCeyQRS1ElsJvg

Score

1^/10

Suspicious use of WriteProcessMemory 7 IoCs

Processes:

rundll32.exe

description	pid	process	target process
PID 3052 wrote to memory of 2124	3052	rundll32.exe	rundll32.exe
PID 3052 wrote to memory of 2124	3052	rundll32.exe	rundll32.exe
PID 3052 wrote to memory of 2124	3052	rundll32.exe	rundll32.exe
PID 3052 wrote to memory of 2124	3052	rundll32.exe	rundll32.exe
PID 3052 wrote to memory of 2124	3052	rundll32.exe	rundll32.exe
PID 3052 wrote to memory of 2124	3052	rundll32.exe	rundll32.exe
PID 3052 wrote to memory of 2124	3052	rundll32.exe	rundll32.exe

C:\Windows\system32\rundll32.exe
rundll32.exe C:\Users\Admin\AppData\Local\Temp\a4b2b9fc3e1f31b36a799145816fdbf6698239b4d544361bc9e9451123d621de.dll,#1
1⤵
- Suspicious use of WriteProcessMemory
PID:3052

C:\Windows\SysWOW64\rundll32.exe
rundll32.exe C:\Users\Admin\AppData\Local\Temp\a4b2b9fc3e1f31b36a799145816fdbf6698239b4d544361bc9e9451123d621de.dll,#1
2⤵
PID:2124