fb28ca0961855a8dda82877b61363f94723b7d9d896d55c3332159faa3af0c38

Analysis

max time kernel
122s
max time network
123s
platform
windows7_x64
resource
win7-20240419-en
resource tags

arch:x64arch:x86image:win7-20240419-enlocale:en-usos:windows7-x64system
submitted
07/06/2024, 09:34

Target

fb28ca0961855a8dda82877b61363f94723b7d9d896d55c3332159faa3af0c38.dll
Size

81KB
MD5

e88f855391e859450cb8312d26e8fd32
SHA1

bbb44ac3b39ef918b0c9f8973727e7ef8ff38247
SHA256

fb28ca0961855a8dda82877b61363f94723b7d9d896d55c3332159faa3af0c38
SHA512

e631a0e3c2a446c3ea94432e044608c2cf98cbb4a5e11f426b478ed909470bab8f63bd25a49d00536fa0137c70fc093372f27c2278a8deb833c274b76a249aa6
SSDEEP

1536:JByXv7uWGEqXZKXTadSp7Lxw9zzBPw+NASUSFOj8sWHcdF6+eXq8W5:0v4JKXTx71wnArSsXFpeXq8W5

Score

1^/10

Suspicious use of WriteProcessMemory 7 IoCs

description	pid	Process	procid_target
PID 1340 wrote to memory of 2264	1340	rundll32.exe	28
PID 1340 wrote to memory of 2264	1340	rundll32.exe	28
PID 1340 wrote to memory of 2264	1340	rundll32.exe	28
PID 1340 wrote to memory of 2264	1340	rundll32.exe	28
PID 1340 wrote to memory of 2264	1340	rundll32.exe	28
PID 1340 wrote to memory of 2264	1340	rundll32.exe	28
PID 1340 wrote to memory of 2264	1340	rundll32.exe	28

C:\Windows\system32\rundll32.exe
rundll32.exe C:\Users\Admin\AppData\Local\Temp\fb28ca0961855a8dda82877b61363f94723b7d9d896d55c3332159faa3af0c38.dll,#1
1⤵
- Suspicious use of WriteProcessMemory
PID:1340
- C:\Windows\SysWOW64\rundll32.exe
  rundll32.exe C:\Users\Admin\AppData\Local\Temp\fb28ca0961855a8dda82877b61363f94723b7d9d896d55c3332159faa3af0c38.dll,#1
  2⤵
  PID:2264