d0841acf6558391642874b61e5a4a06c9d7dd3cff95069cb20d9b573251c2e76

Analysis

max time kernel
120s
max time network
121s
platform
windows7_x64
resource
win7-20240221-en
resource tags

arch:x64arch:x86image:win7-20240221-enlocale:en-usos:windows7-x64system
submitted
02-06-2024 15:34

Target

$PLUGINSDIR/inetc.dll
Size

145KB
MD5

505b89efc823507b29061168f66f159a
SHA1

db7e55cbbcb63102c619760c674705d61adc2336
SHA256

35da1e9d0c9aa0b622095d878c0a34e84db892c8124169cf095682b70ff38000
SHA512

c35355a44cebf20de7e357596213069027ad96f26af3db95d76e8249cb412d690d18deae7d3824672faafb93a6ae861e64434e18480e4a980ee553adadc6e708
SSDEEP

1536:VW9m4RHezlxer8qP5ZZuhqMWGxRwu6lc0h/69V4cv23ilsWjcd0kz+58EihmWWQM:Ve9RHezlxehvwDp9fVVK0kz+SEihm5z

Score

1^/10

Suspicious use of WriteProcessMemory 7 IoCs

description	pid	Process	procid_target
PID 2232 wrote to memory of 2804	2232	rundll32.exe	28
PID 2232 wrote to memory of 2804	2232	rundll32.exe	28
PID 2232 wrote to memory of 2804	2232	rundll32.exe	28
PID 2232 wrote to memory of 2804	2232	rundll32.exe	28
PID 2232 wrote to memory of 2804	2232	rundll32.exe	28
PID 2232 wrote to memory of 2804	2232	rundll32.exe	28
PID 2232 wrote to memory of 2804	2232	rundll32.exe	28

C:\Windows\system32\rundll32.exe
rundll32.exe C:\Users\Admin\AppData\Local\Temp\$PLUGINSDIR\inetc.dll,#1
1⤵
- Suspicious use of WriteProcessMemory
PID:2232
- C:\Windows\SysWOW64\rundll32.exe
  rundll32.exe C:\Users\Admin\AppData\Local\Temp\$PLUGINSDIR\inetc.dll,#1
  2⤵
  PID:2804