edf1156136e85103161f9dc362ba60be921b691f06331a70fc381eed7ccc712e

Analysis

max time kernel
119s
max time network
119s
platform
windows7_x64
resource
win7-20240705-en
resource tags

arch:x64arch:x86image:win7-20240705-enlocale:en-usos:windows7-x64system
submitted
12/07/2024, 22:55

Target

0afc718cbaaa67f8b3e0397d66980cd0N.dll
Size

6KB
MD5

0afc718cbaaa67f8b3e0397d66980cd0
SHA1

9485a7349841a21003f254378f8fe8ed64f3d19f
SHA256

edf1156136e85103161f9dc362ba60be921b691f06331a70fc381eed7ccc712e
SHA512

0d01db609c0f14d8b0fd726244b31d6262b7d4c98404119f405442ee897f4c99dc0a1ac03f5cfb7ed885cbdb967d050011e0c10f8004d15c4b4accc84e7703ed
SSDEEP

48:6AA35YVOQDV8FszwydlAYsLFV3G0SWB+BDq9J5S2:0QDV8FscMjsLFV3aWB+FqX5S2

Score

1^/10

Suspicious use of WriteProcessMemory 7 IoCs

description	pid	Process	procid_target
PID 2352 wrote to memory of 2096	2352	rundll32.exe	30
PID 2352 wrote to memory of 2096	2352	rundll32.exe	30
PID 2352 wrote to memory of 2096	2352	rundll32.exe	30
PID 2352 wrote to memory of 2096	2352	rundll32.exe	30
PID 2352 wrote to memory of 2096	2352	rundll32.exe	30
PID 2352 wrote to memory of 2096	2352	rundll32.exe	30
PID 2352 wrote to memory of 2096	2352	rundll32.exe	30

C:\Windows\system32\rundll32.exe
rundll32.exe C:\Users\Admin\AppData\Local\Temp\0afc718cbaaa67f8b3e0397d66980cd0N.dll,#1
1⤵
- Suspicious use of WriteProcessMemory
PID:2352
- C:\Windows\SysWOW64\rundll32.exe
  rundll32.exe C:\Users\Admin\AppData\Local\Temp\0afc718cbaaa67f8b3e0397d66980cd0N.dll,#1
  2⤵
  PID:2096