16ffac68cf60c4a2deb6cded256b7af908cc6370544ee9fb556a5301773dbe12

Analysis

max time kernel
121s
max time network
122s
platform
windows7_x64
resource
win7-20231129-en
resource tags

arch:x64arch:x86image:win7-20231129-enlocale:en-usos:windows7-x64system
submitted
23-05-2024 18:58

Target

16ffac68cf60c4a2deb6cded256b7af908cc6370544ee9fb556a5301773dbe12.dll
Size

5KB
MD5

65a3d08f44ea492c2d17dec729cf3a54
SHA1

9a633cdc13efe5e7f03efd2073b2d8e9d85bf2ea
SHA256

16ffac68cf60c4a2deb6cded256b7af908cc6370544ee9fb556a5301773dbe12
SHA512

07aa3f0035d4267c9e07051e2c0f2cc80a4243e953545f32669773211d7d3ae5dee0799a05478bf89a35e1fbadbbe8ab4cd025c368cd203b769432eb6ac6d0b4
SSDEEP

48:SWkO0IoyTnXz+ihZjokV4e9dz3fXrm2gY1GYNqmG8DXpNLBazEn3:ZJTnXzvokp9dzDf1mAkzu3

Score

1^/10

Suspicious use of WriteProcessMemory 7 IoCs

description	pid	Process	procid_target
PID 3044 wrote to memory of 2912	3044	rundll32.exe	28
PID 3044 wrote to memory of 2912	3044	rundll32.exe	28
PID 3044 wrote to memory of 2912	3044	rundll32.exe	28
PID 3044 wrote to memory of 2912	3044	rundll32.exe	28
PID 3044 wrote to memory of 2912	3044	rundll32.exe	28
PID 3044 wrote to memory of 2912	3044	rundll32.exe	28
PID 3044 wrote to memory of 2912	3044	rundll32.exe	28

C:\Windows\system32\rundll32.exe
rundll32.exe C:\Users\Admin\AppData\Local\Temp\16ffac68cf60c4a2deb6cded256b7af908cc6370544ee9fb556a5301773dbe12.dll,#1
1⤵
- Suspicious use of WriteProcessMemory
PID:3044
- C:\Windows\SysWOW64\rundll32.exe
  rundll32.exe C:\Users\Admin\AppData\Local\Temp\16ffac68cf60c4a2deb6cded256b7af908cc6370544ee9fb556a5301773dbe12.dll,#1
  2⤵
  PID:2912