798d44f5eb349aaba1f3325c44b2d9341e5e921cbb6b82eba59241c9989bf643

Analysis

max time kernel
119s
max time network
119s
platform
windows7_x64
resource
win7-20240508-en
resource tags

arch:x64arch:x86image:win7-20240508-enlocale:en-usos:windows7-x64system
submitted
17/06/2024, 08:30

Target

798d44f5eb349aaba1f3325c44b2d9341e5e921cbb6b82eba59241c9989bf643.dll
Size

200KB
MD5

b31b87c4b8803aa872bf36cfef21363e
SHA1

171cf027efa772914a27ccaeeed43592601a2fb4
SHA256

798d44f5eb349aaba1f3325c44b2d9341e5e921cbb6b82eba59241c9989bf643
SHA512

3eeacf8b2b6637afa1f6b9761da8e63d2739bb32c84be883d5603302fc90feb143c3c0775d912a57c31b5c97d375beed2cda0c986b1a1682810730cb4a4654bc
SSDEEP

3072:eH5IiT5S49FtZH17fqWImmnEtPzXfDw0wfwH2BlPAuaY5:enM

Score

1^/10

Suspicious use of WriteProcessMemory 7 IoCs

description	pid	Process	procid_target
PID 2420 wrote to memory of 2424	2420	rundll32.exe	28
PID 2420 wrote to memory of 2424	2420	rundll32.exe	28
PID 2420 wrote to memory of 2424	2420	rundll32.exe	28
PID 2420 wrote to memory of 2424	2420	rundll32.exe	28
PID 2420 wrote to memory of 2424	2420	rundll32.exe	28
PID 2420 wrote to memory of 2424	2420	rundll32.exe	28
PID 2420 wrote to memory of 2424	2420	rundll32.exe	28

C:\Windows\system32\rundll32.exe
rundll32.exe C:\Users\Admin\AppData\Local\Temp\798d44f5eb349aaba1f3325c44b2d9341e5e921cbb6b82eba59241c9989bf643.dll,#1
1⤵
- Suspicious use of WriteProcessMemory
PID:2420
- C:\Windows\SysWOW64\rundll32.exe
  rundll32.exe C:\Users\Admin\AppData\Local\Temp\798d44f5eb349aaba1f3325c44b2d9341e5e921cbb6b82eba59241c9989bf643.dll,#1
  2⤵
  PID:2424