e95b5f032ed246f3f9c0bc27017e46940056f5c5fa3dbb7b2f6e0c965e69a4f2

Analysis

max time kernel
120s
max time network
121s
platform
windows7_x64
resource
win7-20240220-en
resource tags

arch:x64arch:x86image:win7-20240220-enlocale:en-usos:windows7-x64system
submitted
25/06/2024, 16:27

Target

foo_ui_columns.dll
Size

213KB
MD5

a308080fdd393783483eac54002ced7b
SHA1

4ba112c878c23f400c29ad66defaaf00b68e8be9
SHA256

28b643f4299977b540a21fd8a77e97220f75b3d168c8290ca236115b8506591c
SHA512

c6734c7cd35abdd7ab7a413f8a75c15b7776aec2e5dc6fe9a00cf4c6736735d928d2d27ecdcb2ea632ecab204beef9fe60a8a83271362b80b193427d4a6daa03
SSDEEP

3072:sfxKyB9zdxVvGrh5BP3BVZjCuvSdgXCRWbIFJA3DBpfvRo23nVLR5J+iE9QRb2Zu:spKof+r1nt9hpFV95JUVtA

Score

1^/10

Suspicious use of WriteProcessMemory 7 IoCs

description	pid	Process	procid_target
PID 2292 wrote to memory of 2304	2292	rundll32.exe	28
PID 2292 wrote to memory of 2304	2292	rundll32.exe	28
PID 2292 wrote to memory of 2304	2292	rundll32.exe	28
PID 2292 wrote to memory of 2304	2292	rundll32.exe	28
PID 2292 wrote to memory of 2304	2292	rundll32.exe	28
PID 2292 wrote to memory of 2304	2292	rundll32.exe	28
PID 2292 wrote to memory of 2304	2292	rundll32.exe	28

C:\Windows\system32\rundll32.exe
rundll32.exe C:\Users\Admin\AppData\Local\Temp\foo_ui_columns.dll,#1
1⤵
- Suspicious use of WriteProcessMemory
PID:2292
- C:\Windows\SysWOW64\rundll32.exe
  rundll32.exe C:\Users\Admin\AppData\Local\Temp\foo_ui_columns.dll,#1
  2⤵
  PID:2304