ffd1b92af29a44679e5c06a9e81b25fe0c827621519a4a516a02329082480866

Analysis

max time kernel
118s
max time network
120s
platform
windows7_x64
resource
win7-20240419-en
resource tags

arch:x64arch:x86image:win7-20240419-enlocale:en-usos:windows7-x64system
submitted
05/07/2024, 05:24

Target

ffd1b92af29a44679e5c06a9e81b25fe0c827621519a4a516a02329082480866.dll
Size

5KB
MD5

79cf8c68f468f412a41498193a820b5b
SHA1

b6f7852685aff5b32e358d4c33602b46325ed251
SHA256

ffd1b92af29a44679e5c06a9e81b25fe0c827621519a4a516a02329082480866
SHA512

4ac5188ac0ac77211e3a76a43b6c56978cbb7c04939b4176a17757d72371e950596dd5ba69bb730a27af8665ecc0e8972f7738325589b52b64143e234289109b
SSDEEP

96:VGEETrMLH5Y42cQMFmmM8uELygs0Lzd23bj:efMf2yF+y6bj

Score

1^/10

Suspicious use of WriteProcessMemory 7 IoCs

description	pid	Process	procid_target
PID 1824 wrote to memory of 2256	1824	rundll32.exe	28
PID 1824 wrote to memory of 2256	1824	rundll32.exe	28
PID 1824 wrote to memory of 2256	1824	rundll32.exe	28
PID 1824 wrote to memory of 2256	1824	rundll32.exe	28
PID 1824 wrote to memory of 2256	1824	rundll32.exe	28
PID 1824 wrote to memory of 2256	1824	rundll32.exe	28
PID 1824 wrote to memory of 2256	1824	rundll32.exe	28

C:\Windows\system32\rundll32.exe
rundll32.exe C:\Users\Admin\AppData\Local\Temp\ffd1b92af29a44679e5c06a9e81b25fe0c827621519a4a516a02329082480866.dll,#1
1⤵
- Suspicious use of WriteProcessMemory
PID:1824
- C:\Windows\SysWOW64\rundll32.exe
  rundll32.exe C:\Users\Admin\AppData\Local\Temp\ffd1b92af29a44679e5c06a9e81b25fe0c827621519a4a516a02329082480866.dll,#1
  2⤵
  PID:2256