a785881a9cadb30202026191d72c14636053f85f285027d48b80824240c20025

Analysis

max time kernel
120s
max time network
122s
platform
windows7_x64
resource
win7-20240221-en
resource tags

arch:x64arch:x86image:win7-20240221-enlocale:en-usos:windows7-x64system
submitted
09/06/2024, 06:27

Target

$PLUGINSDIR/egfFekpNhqD.dll
Size

900KB
MD5

6a83c6814171ee4d4180ef9b044bd971
SHA1

5b2a1c981183dac26a0e5ac1c3e0f532673d456c
SHA256

a201b0871220c20823e67bccbfe2b25bfcd870d02fd504e9cb2c61c98e272f9b
SHA512

1f6887ff78e2bd11e325c2bedf8a3ce0949e558b066755f4aebc0ae465d3c39789ce9c66827bebf1eff7da6c7925830d741cb1664ecfc0460ca2cca64d66063d
SSDEEP

12288:51MUBvqIhtn7eJIaxtuQaj+lIUZdhHsXJCU/yi53lFyrB/DlAhfVuztHu:51MUBCU7CjxtYjeIEdh0yQTyIVuzFu

Score

1^/10

Suspicious use of WriteProcessMemory 7 IoCs

description	pid	Process	procid_target
PID 2880 wrote to memory of 2368	2880	rundll32.exe	28
PID 2880 wrote to memory of 2368	2880	rundll32.exe	28
PID 2880 wrote to memory of 2368	2880	rundll32.exe	28
PID 2880 wrote to memory of 2368	2880	rundll32.exe	28
PID 2880 wrote to memory of 2368	2880	rundll32.exe	28
PID 2880 wrote to memory of 2368	2880	rundll32.exe	28
PID 2880 wrote to memory of 2368	2880	rundll32.exe	28

C:\Windows\system32\rundll32.exe
rundll32.exe C:\Users\Admin\AppData\Local\Temp\$PLUGINSDIR\egfFekpNhqD.dll,#1
1⤵
- Suspicious use of WriteProcessMemory
PID:2880
- C:\Windows\SysWOW64\rundll32.exe
  rundll32.exe C:\Users\Admin\AppData\Local\Temp\$PLUGINSDIR\egfFekpNhqD.dll,#1
  2⤵
  PID:2368