1376a31267bf7996df7f108527cae8d268006ed289d9376fe0a2900a2fa5e409

Analysis

max time kernel
13s
max time network
19s
platform
windows7_x64
resource
win7-20240704-en
resource tags

arch:x64arch:x86image:win7-20240704-enlocale:en-usos:windows7-x64system
submitted
04/07/2024, 22:16

Target

1376a31267bf7996df7f108527cae8d268006ed289d9376fe0a2900a2fa5e409.dll
Size

6KB
MD5

5a84dce1eb34da55107b6c088cf2bc40
SHA1

bef238b365c5b82e14a262e55f5b1953d0ad4716
SHA256

1376a31267bf7996df7f108527cae8d268006ed289d9376fe0a2900a2fa5e409
SHA512

3001a8bd5ca896e5d9ef42d10715eef3f1fe87d46a11737de6a71905ae772e05463f84f0cc35ca2bb89dee11116a7488e89e4d04ea362b3aa5f8ecd50c1f9eb2
SSDEEP

96:z0QR9B6BvAwb0kVl3fqTZctnbYOBGqs2FGxNz2Uiyh7HjI6f:JR94/bh7i1LOBGqs2FGxNz2ryh7DJ

Score

1^/10

Suspicious use of WriteProcessMemory 7 IoCs

description	pid	Process	procid_target
PID 2296 wrote to memory of 1952	2296	rundll32.exe	30
PID 2296 wrote to memory of 1952	2296	rundll32.exe	30
PID 2296 wrote to memory of 1952	2296	rundll32.exe	30
PID 2296 wrote to memory of 1952	2296	rundll32.exe	30
PID 2296 wrote to memory of 1952	2296	rundll32.exe	30
PID 2296 wrote to memory of 1952	2296	rundll32.exe	30
PID 2296 wrote to memory of 1952	2296	rundll32.exe	30

C:\Windows\system32\rundll32.exe
rundll32.exe C:\Users\Admin\AppData\Local\Temp\1376a31267bf7996df7f108527cae8d268006ed289d9376fe0a2900a2fa5e409.dll,#1
1⤵
- Suspicious use of WriteProcessMemory
PID:2296
- C:\Windows\SysWOW64\rundll32.exe
  rundll32.exe C:\Users\Admin\AppData\Local\Temp\1376a31267bf7996df7f108527cae8d268006ed289d9376fe0a2900a2fa5e409.dll,#1
  2⤵
  PID:1952