e2cadb0766cf2fc20a527c917f4475388ef3fbd73b8e0c6d071b695afbb1dba3

Resubmissions

04-07-2024 17:22

04-07-2024 17:19

max time kernel
121s
max time network
128s
platform
windows7_x64
resource
win7-20240611-en
resource tags

arch:x64arch:x86image:win7-20240611-enlocale:en-usos:windows7-x64system
submitted
04-07-2024 17:19

Target

[DemonArchives]6e102d15d6af7c43d43141e9d2a1206b.dll
Size

2.1MB
MD5

6e102d15d6af7c43d43141e9d2a1206b
SHA1

a2c8da5e6f961860543edcc83525039412b751e0
SHA256

2c9aca84ed7396d9e0d9bdd7cf3c474a4f92439c407b1da7a5f836f79e77a965
SHA512

234fb605e3fbe7eaf32ea3b807364a080f064cf7be2e56e9c4999380f7b617f7847430e5895e158c3f7e64e446acef6aa5e142bf288a4ba43b6fb498bbc91660
SSDEEP

49152:zHLIQgREe4/q7cpao9/PRyBzMS4nd89ZcmO2:zrI9RE5cO/P2zMSp9LO

Score

1^/10

Suspicious use of WriteProcessMemory 7 IoCs

description	pid	Process	procid_target
PID 2364 wrote to memory of 2420	2364	rundll32.exe	28
PID 2364 wrote to memory of 2420	2364	rundll32.exe	28
PID 2364 wrote to memory of 2420	2364	rundll32.exe	28
PID 2364 wrote to memory of 2420	2364	rundll32.exe	28
PID 2364 wrote to memory of 2420	2364	rundll32.exe	28
PID 2364 wrote to memory of 2420	2364	rundll32.exe	28
PID 2364 wrote to memory of 2420	2364	rundll32.exe	28

C:\Windows\system32\rundll32.exe
rundll32.exe C:\Users\Admin\AppData\Local\Temp\[DemonArchives]6e102d15d6af7c43d43141e9d2a1206b.dll,#1
1⤵
- Suspicious use of WriteProcessMemory
PID:2364
- C:\Windows\SysWOW64\rundll32.exe
  rundll32.exe C:\Users\Admin\AppData\Local\Temp\[DemonArchives]6e102d15d6af7c43d43141e9d2a1206b.dll,#1
  2⤵
  PID:2420

memory/2420-0-0x00000000001D0000-0x00000000001D6000-memory.dmp

Filesize
24KB

Download
memory/2420-1-0x0000000010000000-0x000000001020F000-memory.dmp

Filesize
2.1MB

Download
memory/2420-4-0x00000000028D0000-0x0000000002A0B000-memory.dmp

Filesize
1.2MB

Download
memory/2420-5-0x0000000002A10000-0x0000000002B2C000-memory.dmp

Filesize
1.1MB

Download
memory/2420-8-0x0000000002A10000-0x0000000002B2C000-memory.dmp

Filesize
1.1MB

Download
memory/2420-9-0x0000000010000000-0x000000001020F000-memory.dmp

Filesize
2.1MB

Download
memory/2420-13-0x0000000002A10000-0x0000000002B2C000-memory.dmp

Filesize
1.1MB

Download
memory/2420-14-0x0000000002B30000-0x000000000480E000-memory.dmp

Filesize
28.9MB

Download
memory/2420-15-0x0000000000420000-0x000000000052F000-memory.dmp

Filesize
1.1MB

Download
memory/2420-16-0x0000000004810000-0x000000000492A000-memory.dmp

Filesize
1.1MB

Download
memory/2420-17-0x0000000004810000-0x000000000492A000-memory.dmp

Filesize
1.1MB

Download
memory/2420-19-0x0000000004810000-0x000000000492A000-memory.dmp

Filesize
1.1MB

Download
memory/2420-20-0x00000000000B0000-0x00000000000C2000-memory.dmp

Filesize
72KB

Download
memory/2420-21-0x000000003F6F0000-0x000000003F73F000-memory.dmp

Filesize
316KB

Download