106c8028a3f14fc1ed1379dcd2476945434bc7a18d680cb1678b4dad31175d53

Analysis

max time kernel
118s
max time network
119s
platform
windows7_x64
resource
win7-20240221-en
resource tags

arch:x64arch:x86image:win7-20240221-enlocale:en-usos:windows7-x64system
submitted
19-06-2024 18:49

Target

106c8028a3f14fc1ed1379dcd2476945434bc7a18d680cb1678b4dad31175d53.dll
Size

2.0MB
MD5

fb1439e5a6552a6fac72fd41bf44d55c
SHA1

a86aff83651a493d6a2800248a2486dfdc27a921
SHA256

106c8028a3f14fc1ed1379dcd2476945434bc7a18d680cb1678b4dad31175d53
SHA512

ddf1343f31ad9b7983c2c0421128230c7d9d67916aed5e40f2582d6301b99a0fbb9362290cc2e6b09f594419dcdd5dba42b8e5ce1c48743103ad04e1f450cf21
SSDEEP

49152:M6529/SByKKZgrns90nwezFzCHxRPWGUM4YyoMo:Mb9/SBypZgrxnwUFz8PVUM4YyK

Score

1^/10

Suspicious use of WriteProcessMemory 7 IoCs

description	pid	Process	procid_target
PID 2388 wrote to memory of 2188	2388	rundll32.exe	28
PID 2388 wrote to memory of 2188	2388	rundll32.exe	28
PID 2388 wrote to memory of 2188	2388	rundll32.exe	28
PID 2388 wrote to memory of 2188	2388	rundll32.exe	28
PID 2388 wrote to memory of 2188	2388	rundll32.exe	28
PID 2388 wrote to memory of 2188	2388	rundll32.exe	28
PID 2388 wrote to memory of 2188	2388	rundll32.exe	28

C:\Windows\system32\rundll32.exe
rundll32.exe C:\Users\Admin\AppData\Local\Temp\106c8028a3f14fc1ed1379dcd2476945434bc7a18d680cb1678b4dad31175d53.dll,#1
1⤵
- Suspicious use of WriteProcessMemory
PID:2388
- C:\Windows\SysWOW64\rundll32.exe
  rundll32.exe C:\Users\Admin\AppData\Local\Temp\106c8028a3f14fc1ed1379dcd2476945434bc7a18d680cb1678b4dad31175d53.dll,#1
  2⤵
  PID:2188