0bdbc3cebdb137ee1808cf56859a1622fe8eab735c34a371f08facf04bed9d61

Analysis

max time kernel
121s
max time network
122s
platform
windows7_x64
resource
win7-20240508-en
resource tags

arch:x64arch:x86image:win7-20240508-enlocale:en-usos:windows7-x64system
submitted
24/06/2024, 18:35

Target

0bdbc3cebdb137ee1808cf56859a1622fe8eab735c34a371f08facf04bed9d61.dll
Size

5KB
MD5

3bc668a130c098de4341c72c1ac37547
SHA1

cd973d2e0109443c262c3eace0d11d75d7fcf387
SHA256

0bdbc3cebdb137ee1808cf56859a1622fe8eab735c34a371f08facf04bed9d61
SHA512

014b0507f56c5854fcb50c94d52d3bd70dda2ba7a8d67faba056270d7344f1cd4816ecc2427b48a76f4aa28ad52883579990264af116eb838a609fa1cd2cab5a
SSDEEP

96:hy859x0P8MaEWDoa1D2aXEdu7bHSj2ty:F5oLgD2t2t

Score

1^/10

Suspicious use of WriteProcessMemory 7 IoCs

description	pid	Process	procid_target
PID 2140 wrote to memory of 2152	2140	rundll32.exe	29
PID 2140 wrote to memory of 2152	2140	rundll32.exe	29
PID 2140 wrote to memory of 2152	2140	rundll32.exe	29
PID 2140 wrote to memory of 2152	2140	rundll32.exe	29
PID 2140 wrote to memory of 2152	2140	rundll32.exe	29
PID 2140 wrote to memory of 2152	2140	rundll32.exe	29
PID 2140 wrote to memory of 2152	2140	rundll32.exe	29

C:\Windows\system32\rundll32.exe
rundll32.exe C:\Users\Admin\AppData\Local\Temp\0bdbc3cebdb137ee1808cf56859a1622fe8eab735c34a371f08facf04bed9d61.dll,#1
1⤵
- Suspicious use of WriteProcessMemory
PID:2140
- C:\Windows\SysWOW64\rundll32.exe
  rundll32.exe C:\Users\Admin\AppData\Local\Temp\0bdbc3cebdb137ee1808cf56859a1622fe8eab735c34a371f08facf04bed9d61.dll,#1
  2⤵
  PID:2152