c37bcaccc61f7698945c719052f777bf7a1deb385b5ef2e4c16125491fc4ea98

Analysis

max time kernel
120s
max time network
123s
platform
windows7_x64
resource
win7-20240611-en
resource tags

arch:x64arch:x86image:win7-20240611-enlocale:en-usos:windows7-x64system
submitted
24-06-2024 02:15

Target

c37bcaccc61f7698945c719052f777bf7a1deb385b5ef2e4c16125491fc4ea98.dll
Size

46KB
MD5

f5f21cc43676ed8280a713cba983c0cf
SHA1

c5ccc20aa9fe276a8403805e707ac525dba7fcf7
SHA256

c37bcaccc61f7698945c719052f777bf7a1deb385b5ef2e4c16125491fc4ea98
SHA512

3115441068535a3016ed68e4401511ef502a179b19a98d9a0643fd38084ebfd7a561c2254eb21cc22a2eb95c69ad40a3106ac160240d88f6f5d505b3dcc38df0
SSDEEP

768:n8mfJjVzLg8r0CCrT79+mCfkebx08N6YojKECEB9I5Rdffv:n8gXr4fT7LSTzojKldH

Score

1^/10

Suspicious use of WriteProcessMemory 7 IoCs

description	pid	Process	procid_target
PID 1704 wrote to memory of 1948	1704	rundll32.exe	28
PID 1704 wrote to memory of 1948	1704	rundll32.exe	28
PID 1704 wrote to memory of 1948	1704	rundll32.exe	28
PID 1704 wrote to memory of 1948	1704	rundll32.exe	28
PID 1704 wrote to memory of 1948	1704	rundll32.exe	28
PID 1704 wrote to memory of 1948	1704	rundll32.exe	28
PID 1704 wrote to memory of 1948	1704	rundll32.exe	28

C:\Windows\system32\rundll32.exe
rundll32.exe C:\Users\Admin\AppData\Local\Temp\c37bcaccc61f7698945c719052f777bf7a1deb385b5ef2e4c16125491fc4ea98.dll,#1
1⤵
- Suspicious use of WriteProcessMemory
PID:1704
- C:\Windows\SysWOW64\rundll32.exe
  rundll32.exe C:\Users\Admin\AppData\Local\Temp\c37bcaccc61f7698945c719052f777bf7a1deb385b5ef2e4c16125491fc4ea98.dll,#1
  2⤵
  PID:1948

memory/1948-0-0x00000000001A0000-0x00000000001B2000-memory.dmp

Filesize
72KB

Download