c0d678478b68084c7750369ddcdfb1afd13aae114ece242cae06dc7a34a84ca9

Analysis

max time kernel
121s
max time network
121s
platform
windows7_x64
resource
win7-20240508-en
resource tags

arch:x64arch:x86image:win7-20240508-enlocale:en-usos:windows7-x64system
submitted
29-06-2024 20:37

Target

4cef5835072bb0290a05f9c5281d4a614733f480ba7f1904ae91325a10a15a04.dll
Size

52KB
MD5

c6206b8eacabc1dc3578cec2b91c949a
SHA1

93e8445862950ef682c2d22a9de929b72547643a
SHA256

4cef5835072bb0290a05f9c5281d4a614733f480ba7f1904ae91325a10a15a04
SHA512

ffdda3a16b877e07e86271e58326e5b6fd4655e3d96b77c123efbfb0523f81435713e2aad425559de9f151ae4069d9a8b1f5ced6ea730cd8219e85dccda11669
SSDEEP

384:qC4FhCrBzv0z841J7eksD5D2Uf3DCXYy6faKqiXC86jwfI/PKc2Ssq3XNC+a0FTw:qC4Fg+Wtz/ty6fhXC86qAPp2SsqowTq

Score

1^/10

Suspicious use of WriteProcessMemory 7 IoCs

description	pid	Process	procid_target
PID 2456 wrote to memory of 2424	2456	rundll32.exe	28
PID 2456 wrote to memory of 2424	2456	rundll32.exe	28
PID 2456 wrote to memory of 2424	2456	rundll32.exe	28
PID 2456 wrote to memory of 2424	2456	rundll32.exe	28
PID 2456 wrote to memory of 2424	2456	rundll32.exe	28
PID 2456 wrote to memory of 2424	2456	rundll32.exe	28
PID 2456 wrote to memory of 2424	2456	rundll32.exe	28

C:\Windows\system32\rundll32.exe
rundll32.exe C:\Users\Admin\AppData\Local\Temp\4cef5835072bb0290a05f9c5281d4a614733f480ba7f1904ae91325a10a15a04.dll,#1
1⤵
- Suspicious use of WriteProcessMemory
PID:2456
- C:\Windows\SysWOW64\rundll32.exe
  rundll32.exe C:\Users\Admin\AppData\Local\Temp\4cef5835072bb0290a05f9c5281d4a614733f480ba7f1904ae91325a10a15a04.dll,#1
  2⤵
  PID:2424