052cd394d318dfe549cfad25d490d6af9647b0719a3980e5dddfc95edcdfd9c0

Analysis

max time kernel
119s
max time network
120s
platform
windows7_x64
resource
win7-20240221-en
resource tags

arch:x64arch:x86image:win7-20240221-enlocale:en-usos:windows7-x64system
submitted
04/07/2024, 19:57

Target

052cd394d318dfe549cfad25d490d6af9647b0719a3980e5dddfc95edcdfd9c0.dll
Size

2.1MB
MD5

7d2d18b52bbf3f3f52e42d10bae08cd0
SHA1

f0c18d1402a3cd75f42a50b8e8feeb0717a30fb5
SHA256

052cd394d318dfe549cfad25d490d6af9647b0719a3980e5dddfc95edcdfd9c0
SHA512

048869df54a066247b93fe20eefee0e3fea470e3752a1adf53e1bcfbaf584f9a5b1b0b84c6a862ac6a9dca781edbd4e9bd095ada2c357d1202e2c60de7381f3a
SSDEEP

49152:KofQOhjGRWH/jOYaRtYDvCg+SkDDN9CCTTU:xfz5u4OZ+23DiCc

Score

1^/10

Suspicious use of WriteProcessMemory 7 IoCs

description	pid	Process	procid_target
PID 2060 wrote to memory of 2820	2060	rundll32.exe	28
PID 2060 wrote to memory of 2820	2060	rundll32.exe	28
PID 2060 wrote to memory of 2820	2060	rundll32.exe	28
PID 2060 wrote to memory of 2820	2060	rundll32.exe	28
PID 2060 wrote to memory of 2820	2060	rundll32.exe	28
PID 2060 wrote to memory of 2820	2060	rundll32.exe	28
PID 2060 wrote to memory of 2820	2060	rundll32.exe	28

C:\Windows\system32\rundll32.exe
rundll32.exe C:\Users\Admin\AppData\Local\Temp\052cd394d318dfe549cfad25d490d6af9647b0719a3980e5dddfc95edcdfd9c0.dll,#1
1⤵
- Suspicious use of WriteProcessMemory
PID:2060
- C:\Windows\SysWOW64\rundll32.exe
  rundll32.exe C:\Users\Admin\AppData\Local\Temp\052cd394d318dfe549cfad25d490d6af9647b0719a3980e5dddfc95edcdfd9c0.dll,#1
  2⤵
  PID:2820

memory/2820-0-0x0000000000200000-0x0000000000206000-memory.dmp

Filesize
24KB

Download
memory/2820-1-0x0000000010000000-0x0000000010212000-memory.dmp

Filesize
2.1MB

Download
memory/2820-7-0x00000000022D0000-0x00000000023E6000-memory.dmp

Filesize
1.1MB

Download
memory/2820-11-0x0000000000780000-0x000000000087C000-memory.dmp

Filesize
1008KB

Download
memory/2820-8-0x0000000000780000-0x000000000087C000-memory.dmp

Filesize
1008KB

Download
memory/2820-12-0x0000000010000000-0x0000000010212000-memory.dmp

Filesize
2.1MB

Download
memory/2820-14-0x0000000000780000-0x000000000087C000-memory.dmp

Filesize
1008KB

Download
memory/2820-16-0x0000000004290000-0x000000000437D000-memory.dmp

Filesize
948KB

Download
memory/2820-15-0x00000000023F0000-0x000000000428C000-memory.dmp

Filesize
30.6MB

Download
memory/2820-18-0x0000000004380000-0x0000000004477000-memory.dmp

Filesize
988KB

Download
memory/2820-21-0x0000000004380000-0x0000000004477000-memory.dmp

Filesize
988KB

Download
memory/2820-22-0x0000000000060000-0x0000000000062000-memory.dmp

Filesize
8KB

Download
memory/2820-23-0x0000000026740000-0x0000000026744000-memory.dmp

Filesize
16KB

Download