a4b99af40cdd976445c969a8b26ad6308f804ef5cb14b99a1189b610eec8b245

Analysis

max time kernel
122s
max time network
124s
platform
windows7_x64
resource
win7-20240221-en
resource tags

arch:x64arch:x86image:win7-20240221-enlocale:en-usos:windows7-x64system
submitted
29/06/2024, 01:03

Target

a4b99af40cdd976445c969a8b26ad6308f804ef5cb14b99a1189b610eec8b245.dll
Size

616KB
MD5

a84c4c18e537735c1d925c0eeedbb76b
SHA1

4eab07d9a12d8b135e0c510ab38d65c938f23135
SHA256

a4b99af40cdd976445c969a8b26ad6308f804ef5cb14b99a1189b610eec8b245
SHA512

8ab9934bed805b7dd65d21b2a44e998b4bf39c89920842c97d858cf474d90f768aba10e55d1016254a76231c6cf25b2f38035ee5c8ab850604afa23e27a3b07e
SSDEEP

12288:vktyrANthiFZqXrpouvLbeP2mgcfTvcAQNCii19Y7iCFtJStw+wlB5sCH7Pi8UYo:vktyrANtUF+p3vLC6u

Score

1^/10

Suspicious use of WriteProcessMemory 7 IoCs

description	pid	Process	procid_target
PID 1948 wrote to memory of 2104	1948	rundll32.exe	28
PID 1948 wrote to memory of 2104	1948	rundll32.exe	28
PID 1948 wrote to memory of 2104	1948	rundll32.exe	28
PID 1948 wrote to memory of 2104	1948	rundll32.exe	28
PID 1948 wrote to memory of 2104	1948	rundll32.exe	28
PID 1948 wrote to memory of 2104	1948	rundll32.exe	28
PID 1948 wrote to memory of 2104	1948	rundll32.exe	28

C:\Windows\system32\rundll32.exe
rundll32.exe C:\Users\Admin\AppData\Local\Temp\a4b99af40cdd976445c969a8b26ad6308f804ef5cb14b99a1189b610eec8b245.dll,#1
1⤵
- Suspicious use of WriteProcessMemory
PID:1948
- C:\Windows\SysWOW64\rundll32.exe
  rundll32.exe C:\Users\Admin\AppData\Local\Temp\a4b99af40cdd976445c969a8b26ad6308f804ef5cb14b99a1189b610eec8b245.dll,#1
  2⤵
  PID:2104