1bab47802e86b05a87be9d19615be5a2a4074f1b9db964bfb403ebc88180b0a6

Analysis

max time kernel
120s
max time network
122s
platform
windows7_x64
resource
win7-20240220-en
resource tags

arch:x64arch:x86image:win7-20240220-enlocale:en-usos:windows7-x64system
submitted
03/07/2024, 23:37

Target

1bab47802e86b05a87be9d19615be5a2a4074f1b9db964bfb403ebc88180b0a6.dll
Size

6KB
MD5

1aeb5aa28c96c76aabf3a406925c9880
SHA1

b5e08f21742ca0bd24b6dea4447eac377aa40d7d
SHA256

1bab47802e86b05a87be9d19615be5a2a4074f1b9db964bfb403ebc88180b0a6
SHA512

08b75c4ad489ad4fc19e979e3e579b5c1affd611fd1718e63905c5c048ace4ea7b4ebbc995f9f50b528a8ccee8c3d6c8dead0d81c051566e1271cf4a7085a031
SSDEEP

48:63mll5YVOa9VUX1iwbQWu0xB+BDq9J5SH:VDa9VUX9bQWRB+FqX5SH

Score

1^/10

Suspicious use of WriteProcessMemory 7 IoCs

description	pid	Process	procid_target
PID 3032 wrote to memory of 3012	3032	rundll32.exe	28
PID 3032 wrote to memory of 3012	3032	rundll32.exe	28
PID 3032 wrote to memory of 3012	3032	rundll32.exe	28
PID 3032 wrote to memory of 3012	3032	rundll32.exe	28
PID 3032 wrote to memory of 3012	3032	rundll32.exe	28
PID 3032 wrote to memory of 3012	3032	rundll32.exe	28
PID 3032 wrote to memory of 3012	3032	rundll32.exe	28

C:\Windows\system32\rundll32.exe
rundll32.exe C:\Users\Admin\AppData\Local\Temp\1bab47802e86b05a87be9d19615be5a2a4074f1b9db964bfb403ebc88180b0a6.dll,#1
1⤵
- Suspicious use of WriteProcessMemory
PID:3032
- C:\Windows\SysWOW64\rundll32.exe
  rundll32.exe C:\Users\Admin\AppData\Local\Temp\1bab47802e86b05a87be9d19615be5a2a4074f1b9db964bfb403ebc88180b0a6.dll,#1
  2⤵
  PID:3012