b993497fa08d27981ad4ee132602909fbdea02d34ced72b873776df61093d7fb

Analysis

max time kernel
118s
max time network
118s
platform
windows7_x64
resource
win7-20240508-en
resource tags

arch:x64arch:x86image:win7-20240508-enlocale:en-usos:windows7-x64system
submitted
23-05-2024 02:20

Target

b993497fa08d27981ad4ee132602909fbdea02d34ced72b873776df61093d7fb.dll
Size

327KB
MD5

baa150fd3eb9c5f670820f51a40c3453
SHA1

55682b4b83a81c0c62ad4e4eba2d5759897f84c1
SHA256

b993497fa08d27981ad4ee132602909fbdea02d34ced72b873776df61093d7fb
SHA512

d24d2e56413482ae7baf984c96ca50e7105d1e1034938fdc0e32b8a3ab519fbfd4f2dfc607f226d98c1daeb357c6f96cd4b90a4942fa3d54bf2cc22a9d84bc63
SSDEEP

6144:EmWPDNND9yRPzLq+YXFqaZiMLic9kzVd7EAC48Ss9Ei:EmWhND9yJz+b1FcMLmp2AT8Ssd

Score

1^/10

Suspicious use of WriteProcessMemory 7 IoCs

Processes:

rundll32.exe

description	pid	process	target process
PID 2980 wrote to memory of 2976	2980	rundll32.exe	rundll32.exe
PID 2980 wrote to memory of 2976	2980	rundll32.exe	rundll32.exe
PID 2980 wrote to memory of 2976	2980	rundll32.exe	rundll32.exe
PID 2980 wrote to memory of 2976	2980	rundll32.exe	rundll32.exe
PID 2980 wrote to memory of 2976	2980	rundll32.exe	rundll32.exe
PID 2980 wrote to memory of 2976	2980	rundll32.exe	rundll32.exe
PID 2980 wrote to memory of 2976	2980	rundll32.exe	rundll32.exe

C:\Windows\system32\rundll32.exe
rundll32.exe C:\Users\Admin\AppData\Local\Temp\b993497fa08d27981ad4ee132602909fbdea02d34ced72b873776df61093d7fb.dll,#1
1⤵
- Suspicious use of WriteProcessMemory
PID:2980

C:\Windows\SysWOW64\rundll32.exe
rundll32.exe C:\Users\Admin\AppData\Local\Temp\b993497fa08d27981ad4ee132602909fbdea02d34ced72b873776df61093d7fb.dll,#1
2⤵
PID:2976