2b1493b6c9eebf5887cde5a9f883abaf93dee36cc22a4b67616fb5b707cc57d7

Analysis

max time kernel
121s
max time network
121s
platform
windows7_x64
resource
win7-20240419-en
resource tags

arch:x64arch:x86image:win7-20240419-enlocale:en-usos:windows7-x64system
submitted
23-05-2024 18:56

Target

2b1493b6c9eebf5887cde5a9f883abaf93dee36cc22a4b67616fb5b707cc57d7.dll
Size

660KB
MD5

59975940fb57e427a8a938b7e36da9a3
SHA1

4fa3c27050c6e23be89ee3aa58122dddc1fae038
SHA256

2b1493b6c9eebf5887cde5a9f883abaf93dee36cc22a4b67616fb5b707cc57d7
SHA512

dfc4397e0dc4aec4023fccf132387fddd228b918e233c8981fd3de17d50fa19215d59bc9a8a77a1497434d3050f8e031ced5bd82d8042b614837b0bbdd3a6c16
SSDEEP

12288:wtlp0ywgatUAD9EREYvZIk1OZ26R3pkz+TrIcMm:wtz0SatUAD9E+YvZIkAZ26xpkzgo

Score

1^/10

Suspicious use of WriteProcessMemory 7 IoCs

Processes:

rundll32.exe

description	pid	process	target process
PID 2424 wrote to memory of 2056	2424	rundll32.exe	rundll32.exe
PID 2424 wrote to memory of 2056	2424	rundll32.exe	rundll32.exe
PID 2424 wrote to memory of 2056	2424	rundll32.exe	rundll32.exe
PID 2424 wrote to memory of 2056	2424	rundll32.exe	rundll32.exe
PID 2424 wrote to memory of 2056	2424	rundll32.exe	rundll32.exe
PID 2424 wrote to memory of 2056	2424	rundll32.exe	rundll32.exe
PID 2424 wrote to memory of 2056	2424	rundll32.exe	rundll32.exe

C:\Windows\system32\rundll32.exe
rundll32.exe C:\Users\Admin\AppData\Local\Temp\2b1493b6c9eebf5887cde5a9f883abaf93dee36cc22a4b67616fb5b707cc57d7.dll,#1
1⤵
- Suspicious use of WriteProcessMemory
PID:2424

C:\Windows\SysWOW64\rundll32.exe
rundll32.exe C:\Users\Admin\AppData\Local\Temp\2b1493b6c9eebf5887cde5a9f883abaf93dee36cc22a4b67616fb5b707cc57d7.dll,#1
2⤵
PID:2056