0b3406ff314d9ed77f252005541df6df3b0e779f2ca0b2295c6d9ff5da65e087

Analysis

max time kernel
119s
max time network
119s
platform
windows7_x64
resource
win7-20240508-en
resource tags

arch:x64arch:x86image:win7-20240508-enlocale:en-usos:windows7-x64system
submitted
23-05-2024 09:19

Target

0b3406ff314d9ed77f252005541df6df3b0e779f2ca0b2295c6d9ff5da65e087.dll
Size

2.6MB
MD5

77fbe5dc0c1e8bb93003b0cb3a7a7544
SHA1

b97945d582cb8e69420cafdf13434dcbce14d079
SHA256

0b3406ff314d9ed77f252005541df6df3b0e779f2ca0b2295c6d9ff5da65e087
SHA512

a5f93ca0f356df8ba6febc83ab4f714e98c80d346748843c56910c4f9e46a08f97089b0df2712704b36e3958d3583e4d7107fadcd715279c8ac1c412e29233a4
SSDEEP

49152:fUqKbFoZh5ssm4Gn3usX2qQYkVI9KZ1EpXhEQTZ1lsc07PlLxBmZFTbdTmHs:8HbOssvGhX2zLlZg2KNm

Score

1^/10

Suspicious use of WriteProcessMemory 7 IoCs

Processes:

rundll32.exe

description	pid	process	target process
PID 1036 wrote to memory of 1724	1036	rundll32.exe	rundll32.exe
PID 1036 wrote to memory of 1724	1036	rundll32.exe	rundll32.exe
PID 1036 wrote to memory of 1724	1036	rundll32.exe	rundll32.exe
PID 1036 wrote to memory of 1724	1036	rundll32.exe	rundll32.exe
PID 1036 wrote to memory of 1724	1036	rundll32.exe	rundll32.exe
PID 1036 wrote to memory of 1724	1036	rundll32.exe	rundll32.exe
PID 1036 wrote to memory of 1724	1036	rundll32.exe	rundll32.exe

C:\Windows\system32\rundll32.exe
rundll32.exe C:\Users\Admin\AppData\Local\Temp\0b3406ff314d9ed77f252005541df6df3b0e779f2ca0b2295c6d9ff5da65e087.dll,#1
1⤵
- Suspicious use of WriteProcessMemory
PID:1036

C:\Windows\SysWOW64\rundll32.exe
rundll32.exe C:\Users\Admin\AppData\Local\Temp\0b3406ff314d9ed77f252005541df6df3b0e779f2ca0b2295c6d9ff5da65e087.dll,#1
2⤵
PID:1724

C:\Users\Admin\AppData\Local\Temp\10E2.tmp
C:\Users\Admin\AppData\Local\Temp\10E2.tmp
3⤵
PID:2612

memory/1724-0-0x0000000000B90000-0x0000000000C59000-memory.dmp

Filesize
804KB

Download
memory/1724-1-0x0000000000B90000-0x0000000000C59000-memory.dmp

Filesize
804KB

Download