914401789c623bbfc608ce1574838a7e3e39fbbbe24c34c15483f67200942c9b

Analysis

max time kernel
1562s
max time network
1564s
platform
windows7_x64
resource
win7-20240419-en
resource tags

arch:x64arch:x86image:win7-20240419-enlocale:en-usos:windows7-x64system
submitted
13-06-2024 20:39

Target

I386/HALBORG.dll
Size

145KB
MD5

26fb74b0dc1a0e53a0fad64b594b04d1
SHA1

372c4cedf15247a438c988a01c087a588856a675
SHA256

a51bb5188fa40b73c32928cea419f10e8f01a1851acdd3f380b6aea9806a2672
SHA512

9f0a9a51c430726460a4d6efe745705182b1c73a2fc6ef0f7e5c9aa04d70353f965776d13ca77f5bb5a89755d82cc07c8f05233f181a4690879b9d9ad430d994
SSDEEP

3072:A4UP6EYO01YUjS40OOcLPBgVtZL2i2noCc:MgONAS4uhV5tC

Score

1^/10

Suspicious use of WriteProcessMemory 7 IoCs

Processes:

rundll32.exe

description	pid	process	target process
PID 3028 wrote to memory of 1828	3028	rundll32.exe	rundll32.exe
PID 3028 wrote to memory of 1828	3028	rundll32.exe	rundll32.exe
PID 3028 wrote to memory of 1828	3028	rundll32.exe	rundll32.exe
PID 3028 wrote to memory of 1828	3028	rundll32.exe	rundll32.exe
PID 3028 wrote to memory of 1828	3028	rundll32.exe	rundll32.exe
PID 3028 wrote to memory of 1828	3028	rundll32.exe	rundll32.exe
PID 3028 wrote to memory of 1828	3028	rundll32.exe	rundll32.exe

C:\Windows\system32\rundll32.exe
rundll32.exe C:\Users\Admin\AppData\Local\Temp\I386\HALBORG.dll,#1
1⤵
- Suspicious use of WriteProcessMemory
PID:3028
- C:\Windows\SysWOW64\rundll32.exe
  rundll32.exe C:\Users\Admin\AppData\Local\Temp\I386\HALBORG.dll,#1
  2⤵
  PID:1828

memory/1828-0-0x0000000000120000-0x0000000000145000-memory.dmp

Filesize
148KB

Download
memory/1828-1-0x0000000000120000-0x0000000000145000-memory.dmp

Filesize
148KB

Download
memory/1828-3-0x0000000040960000-0x0000000040971000-memory.dmp

Filesize
68KB

Download
memory/1828-2-0x0000000000130000-0x0000000000155000-memory.dmp

Filesize
148KB

Download
memory/1828-4-0x0000000000130000-0x0000000000132000-memory.dmp

Filesize
8KB

Download