88cad3952c02dc2a6857ba73205d440d1326c051e7075bfb69a3429cb1f0a061

Analysis

max time kernel
118s
max time network
119s
platform
windows7_x64
resource
win7-20240419-en
resource tags

arch:x64arch:x86image:win7-20240419-enlocale:en-usos:windows7-x64system
submitted
29-05-2024 02:30

Target

bin/download/download_engine.dll
Size

3.4MB
MD5

1a87ff238df9ea26e76b56f34e18402c
SHA1

2df48c31f3b3adb118f6472b5a2dc3081b302d7c
SHA256

abaeb5121548256577ddd8b0fc30c9ff3790649ad6a0704e4e30d62e70a72964
SHA512

b2e63aba8c081d3d38bd9633a1313f97b586b69ae0301d3b32b889690327a575b55097f19cc87c6e6ed345f1b4439d28f981fdb094e6a095018a10921dae80d9
SSDEEP

49152:O/4yyAd2+awsEL4eyiiDoHHPLvQB0o32Qm6m7VBmurXztN:OVrsEcTiiAvLa0oYkuf/

Score

1^/10

Suspicious use of WriteProcessMemory 7 IoCs

description	pid	Process	procid_target
PID 3012 wrote to memory of 2124	3012	rundll32.exe	28
PID 3012 wrote to memory of 2124	3012	rundll32.exe	28
PID 3012 wrote to memory of 2124	3012	rundll32.exe	28
PID 3012 wrote to memory of 2124	3012	rundll32.exe	28
PID 3012 wrote to memory of 2124	3012	rundll32.exe	28
PID 3012 wrote to memory of 2124	3012	rundll32.exe	28
PID 3012 wrote to memory of 2124	3012	rundll32.exe	28

C:\Windows\system32\rundll32.exe
rundll32.exe C:\Users\Admin\AppData\Local\Temp\bin\download\download_engine.dll,#1
1⤵
- Suspicious use of WriteProcessMemory
PID:3012
- C:\Windows\SysWOW64\rundll32.exe
  rundll32.exe C:\Users\Admin\AppData\Local\Temp\bin\download\download_engine.dll,#1
  2⤵
  PID:2124