8d3dd5a7840c940b9c113d0256ac06b648eb9ef9d8f896b3a6db8bec27ac2bda

Analysis

max time kernel
117s
max time network
119s
platform
windows7_x64
resource
win7-20240508-en
resource tags

arch:x64arch:x86image:win7-20240508-enlocale:en-usos:windows7-x64system
submitted
25/06/2024, 18:35

Target

8d3dd5a7840c940b9c113d0256ac06b648eb9ef9d8f896b3a6db8bec27ac2bda.dll
Size

64KB
MD5

5488fd101b9305643af13b75220e0321
SHA1

8197f58b0ed92e8fd417b16e30cd697e404dcac4
SHA256

8d3dd5a7840c940b9c113d0256ac06b648eb9ef9d8f896b3a6db8bec27ac2bda
SHA512

50f3c535f97646989e9fd53483a340f08ea0f21e8428c07add6648f771f1e14d258e303f5b760d065e2b3c3f3eceab69927d35c5875185be40dfb694033580d7
SSDEEP

1536:urYwoQrr5bFr0i6Hpbd+5Wei6ITGb3/X1iTliO2:ufGbd+5WgX1iTliO

Score

1^/10

Suspicious use of WriteProcessMemory 7 IoCs

description	pid	Process	procid_target
PID 2432 wrote to memory of 2216	2432	rundll32.exe	28
PID 2432 wrote to memory of 2216	2432	rundll32.exe	28
PID 2432 wrote to memory of 2216	2432	rundll32.exe	28
PID 2432 wrote to memory of 2216	2432	rundll32.exe	28
PID 2432 wrote to memory of 2216	2432	rundll32.exe	28
PID 2432 wrote to memory of 2216	2432	rundll32.exe	28
PID 2432 wrote to memory of 2216	2432	rundll32.exe	28

C:\Windows\system32\rundll32.exe
rundll32.exe C:\Users\Admin\AppData\Local\Temp\8d3dd5a7840c940b9c113d0256ac06b648eb9ef9d8f896b3a6db8bec27ac2bda.dll,#1
1⤵
- Suspicious use of WriteProcessMemory
PID:2432
- C:\Windows\SysWOW64\rundll32.exe
  rundll32.exe C:\Users\Admin\AppData\Local\Temp\8d3dd5a7840c940b9c113d0256ac06b648eb9ef9d8f896b3a6db8bec27ac2bda.dll,#1
  2⤵
  PID:2216