4cae647d4801e9612c35c6828192ab238c443550a470256048ad9bfbfdc8e136

Analysis

max time kernel
117s
max time network
119s
platform
windows7_x64
resource
win7-20240708-en
resource tags

arch:x64arch:x86image:win7-20240708-enlocale:en-usos:windows7-x64system
submitted
13-07-2024 07:58

Target

$0/questbasic.dll
Size

788KB
MD5

f73ab63153a91084e579af2d8783b84c
SHA1

907d3daf44f919406e45a43aaeb1869179c59df2
SHA256

450764fb56944d15b36dbab84818a81ecf266a976675972206f5279bf96276d9
SHA512

cf1c730762a3786c493eced29f63b5c4c6a7cfe9dc233a664151226e5e66cd41e1d3f1f5efd79d5029305b958b8429460da8660fa022dc50f5ff81026bec91e3
SSDEEP

12288:DPbVBXG/rAEN1D2d/ie+/fbsB1RFSWhcjVK+F+pPLZexv9d06KEp24JgyMruqUir:jXI8EN1ma6fFSJd+p1ed9tRbMqTCD

Score

1^/10

Suspicious use of WriteProcessMemory 7 IoCs

description	pid	Process	procid_target
PID 2480 wrote to memory of 2504	2480	rundll32.exe	30
PID 2480 wrote to memory of 2504	2480	rundll32.exe	30
PID 2480 wrote to memory of 2504	2480	rundll32.exe	30
PID 2480 wrote to memory of 2504	2480	rundll32.exe	30
PID 2480 wrote to memory of 2504	2480	rundll32.exe	30
PID 2480 wrote to memory of 2504	2480	rundll32.exe	30
PID 2480 wrote to memory of 2504	2480	rundll32.exe	30

C:\Windows\system32\rundll32.exe
rundll32.exe C:\Users\Admin\AppData\Local\Temp\$0\questbasic.dll,#1
1⤵
- Suspicious use of WriteProcessMemory
PID:2480
- C:\Windows\SysWOW64\rundll32.exe
  rundll32.exe C:\Users\Admin\AppData\Local\Temp\$0\questbasic.dll,#1
  2⤵
  PID:2504