3c93d8b1e69fab840a52746dc183e2bcac113cf1f05bd558a689c0bb5f24f4aa

Analysis

max time kernel
148s
max time network
157s
platform
windows10-2004_x64
resource
win10v2004-20240426-en
resource tags

arch:x64arch:x86image:win10v2004-20240426-enlocale:en-usos:windows10-2004-x64system
submitted
11-06-2024 14:51

Target

CADe_SIMU V4.2/Nettoplcsim-S7o-v-1-1-0-0/bin/IsoToS7online.dll
Size

45KB
MD5

f9d48978385a006f1b6e1faf9c021fa3
SHA1

a2b3fc157c465af3ff3d3cd9b5f86a5ee2ecec46
SHA256

9667e6f87c1180e2ac79ad38397e7ecb7477a33fd62091a7f467ffa3765cbe4e
SHA512

8bab91f84d24d6e9d5fab99c85e2a63d7c6364ebe49510e661f99becb3ba22a98743969199b5a4ad503ba9024c9a844c73b9845eec8e59fca8fd78f8aa56d9c6
SSDEEP

768:cGbCowSCKx5dwkFKVbdVOhBtnhEGHhA+7z3YrNC7cgpza38Ey2hYnizNwfXt:zb3w9Yw48dskmzoC7cgpza38Ey26im/t

Score

1^/10

Suspicious use of WriteProcessMemory 3 IoCs

description	pid	Process	procid_target
PID 4176 wrote to memory of 2468	4176	rundll32.exe	80
PID 4176 wrote to memory of 2468	4176	rundll32.exe	80
PID 4176 wrote to memory of 2468	4176	rundll32.exe	80

C:\Windows\system32\rundll32.exe
rundll32.exe "C:\Users\Admin\AppData\Local\Temp\CADe_SIMU V4.2\Nettoplcsim-S7o-v-1-1-0-0\bin\IsoToS7online.dll",#1
1⤵
- Suspicious use of WriteProcessMemory
PID:4176
- C:\Windows\SysWOW64\rundll32.exe
  rundll32.exe "C:\Users\Admin\AppData\Local\Temp\CADe_SIMU V4.2\Nettoplcsim-S7o-v-1-1-0-0\bin\IsoToS7online.dll",#1
  2⤵
  PID:2468