0dbef894db6f4abfefd7937f49ee569fd0c123bfffb8f078bec581871c2b36e2

Analysis

max time kernel
120s
max time network
120s
platform
windows7_x64
resource
win7-20240220-en
resource tags

arch:x64arch:x86image:win7-20240220-enlocale:en-usos:windows7-x64system
submitted
09-06-2024 22:44

Target

0dbef894db6f4abfefd7937f49ee569fd0c123bfffb8f078bec581871c2b36e2.dll
Size

162KB
MD5

272870a4bead94e3456c2c75397c243d
SHA1

97fd6626a8f39cede60dc46bf0f91f5387b6216c
SHA256

0dbef894db6f4abfefd7937f49ee569fd0c123bfffb8f078bec581871c2b36e2
SHA512

187e9f68f40cd3adfe8995d4f91a194e62de8287e56c2ab75f0fd9e77e7e05e9a3aea5203497e7216ce84248982aef1f6a915005a743253dd25171b83086cd65
SSDEEP

1536:YijagcdDLhkTr2Hg5K+rdy90Lq3dyKi+FyaZyKt06FJX79HomvpQDR5JBk9idvsG:7anEm5xTX9m7J5UY5nNRF3v

Score

1^/10

Suspicious use of WriteProcessMemory 7 IoCs

description	pid	Process	procid_target
PID 1992 wrote to memory of 1800	1992	rundll32.exe	28
PID 1992 wrote to memory of 1800	1992	rundll32.exe	28
PID 1992 wrote to memory of 1800	1992	rundll32.exe	28
PID 1992 wrote to memory of 1800	1992	rundll32.exe	28
PID 1992 wrote to memory of 1800	1992	rundll32.exe	28
PID 1992 wrote to memory of 1800	1992	rundll32.exe	28
PID 1992 wrote to memory of 1800	1992	rundll32.exe	28

C:\Windows\system32\rundll32.exe
rundll32.exe C:\Users\Admin\AppData\Local\Temp\0dbef894db6f4abfefd7937f49ee569fd0c123bfffb8f078bec581871c2b36e2.dll,#1
1⤵
- Suspicious use of WriteProcessMemory
PID:1992
- C:\Windows\SysWOW64\rundll32.exe
  rundll32.exe C:\Users\Admin\AppData\Local\Temp\0dbef894db6f4abfefd7937f49ee569fd0c123bfffb8f078bec581871c2b36e2.dll,#1
  2⤵
  PID:1800

memory/1800-0-0x00000000002B0000-0x00000000002F0000-memory.dmp

Filesize
256KB

Download
memory/1800-1-0x0000000073DDE000-0x0000000073DDF000-memory.dmp

Filesize
4KB

Download
memory/1800-2-0x0000000000830000-0x0000000000860000-memory.dmp

Filesize
192KB

Download
memory/1800-3-0x0000000074610000-0x0000000074640000-memory.dmp

Filesize
192KB

Download