38e28be8b903858c00afdbe4ef64cd7c804aee5ca4cbdfc8022b3c1c39d5a9f3

Analysis

max time kernel
122s
max time network
123s
platform
windows7_x64
resource
win7-20240705-en
resource tags

arch:x64arch:x86image:win7-20240705-enlocale:en-usos:windows7-x64system
submitted
06/07/2024, 04:25

Target

40ddcb84780b1007e6c30635b2742690.dll
Size

520KB
MD5

40ddcb84780b1007e6c30635b2742690
SHA1

1aa26a33e7fcb3cbdbbcb503841e992203b494d3
SHA256

38e28be8b903858c00afdbe4ef64cd7c804aee5ca4cbdfc8022b3c1c39d5a9f3
SHA512

2e59d2b9454e8a8214dcf4c3c5a97fce1298c474a8609b13b67936d7e52954e425249586abd5ad0954b18438255147aa9db889542b80feeed7d429afd1d65b5c
SSDEEP

12288:8gRWL0mk2W6bfqU8f5jQK+fgl91wgCfrRh5l74OAr:K00zfqU8f5jepzb5mOAr

Score

1^/10

Suspicious use of WriteProcessMemory 7 IoCs

description	pid	Process	procid_target
PID 3032 wrote to memory of 1976	3032	rundll32.exe	30
PID 3032 wrote to memory of 1976	3032	rundll32.exe	30
PID 3032 wrote to memory of 1976	3032	rundll32.exe	30
PID 3032 wrote to memory of 1976	3032	rundll32.exe	30
PID 3032 wrote to memory of 1976	3032	rundll32.exe	30
PID 3032 wrote to memory of 1976	3032	rundll32.exe	30
PID 3032 wrote to memory of 1976	3032	rundll32.exe	30

C:\Windows\system32\rundll32.exe
rundll32.exe C:\Users\Admin\AppData\Local\Temp\40ddcb84780b1007e6c30635b2742690.dll,#1
1⤵
- Suspicious use of WriteProcessMemory
PID:3032
- C:\Windows\SysWOW64\rundll32.exe
  rundll32.exe C:\Users\Admin\AppData\Local\Temp\40ddcb84780b1007e6c30635b2742690.dll,#1
  2⤵
  PID:1976