99eb786fa58f491600ba4ba318fe1ad63afc8b8b490f158bca9ea51ec6795f06

Analysis

max time kernel
121s
max time network
122s
platform
windows7_x64
resource
win7-20240221-en
resource tags

arch:x64arch:x86image:win7-20240221-enlocale:en-usos:windows7-x64system
submitted
30/06/2024, 00:11

Target

99eb786fa58f491600ba4ba318fe1ad63afc8b8b490f158bca9ea51ec6795f06.dll
Size

296KB
MD5

28f29bd4ba24e75f4e2897470a0c66ee
SHA1

cbd38edd2ba5ae622c84ba8e3bae9b599cb1385b
SHA256

99eb786fa58f491600ba4ba318fe1ad63afc8b8b490f158bca9ea51ec6795f06
SHA512

452aafe4784dffc96eed185b9a09691a0a100ba1b833b20392f7f379ff899159024f09a3d66e219b5379d09b347d7d1df2c2674e63e786255c59652f1436cbfc
SSDEEP

3072:KBah4VKakOrWDUpwKzuNCXO+sOAEky7GOIW3I0l3ZzYVYkUyo:YVKTWEOIWY43ZZo

Score

1^/10

Suspicious use of WriteProcessMemory 7 IoCs

description	pid	Process	procid_target
PID 2164 wrote to memory of 2072	2164	rundll32.exe	28
PID 2164 wrote to memory of 2072	2164	rundll32.exe	28
PID 2164 wrote to memory of 2072	2164	rundll32.exe	28
PID 2164 wrote to memory of 2072	2164	rundll32.exe	28
PID 2164 wrote to memory of 2072	2164	rundll32.exe	28
PID 2164 wrote to memory of 2072	2164	rundll32.exe	28
PID 2164 wrote to memory of 2072	2164	rundll32.exe	28

C:\Windows\system32\rundll32.exe
rundll32.exe C:\Users\Admin\AppData\Local\Temp\99eb786fa58f491600ba4ba318fe1ad63afc8b8b490f158bca9ea51ec6795f06.dll,#1
1⤵
- Suspicious use of WriteProcessMemory
PID:2164
- C:\Windows\SysWOW64\rundll32.exe
  rundll32.exe C:\Users\Admin\AppData\Local\Temp\99eb786fa58f491600ba4ba318fe1ad63afc8b8b490f158bca9ea51ec6795f06.dll,#1
  2⤵
  PID:2072