ac6d3f36922917f8ac7873fbc4a0a06334daf12c04bd6e4809ff56d7c2283a84

Analysis

max time kernel
122s
max time network
122s
platform
windows7_x64
resource
win7-20240705-en
resource tags

arch:x64arch:x86image:win7-20240705-enlocale:en-usos:windows7-x64system
submitted
14/07/2024, 07:46

Target

联通宽带拨号客户端/MFC42D.dll
Size

940KB
MD5

71846abc9fa408fc283d174194caf29d
SHA1

34d5f0a5e5b7f14de788ff3a56a7e0664ed2b60c
SHA256

2c26c4862f0508b67d98cfc453c347fe1544c00e2af1cc6574da240a5cbea63a
SHA512

6f2ca5b406e8a2781e254fb2e66b5b5b266094cce8c3d5f68cdb21ce916614d2f57dacd2192b1eb7037141d5960edf114aab216c0f13a820e5189c1f2fd371ff
SSDEEP

12288:4Whs6xRTgvcR3z4i2TvNFrD4N5I3ppqVOfSajVnOG87s/UP2z2LP1h274xafGPRa:H3gXi2/4NUMYcGG2zgNU7qafyRvhU

Score

1^/10

Suspicious use of WriteProcessMemory 7 IoCs

description	pid	Process	procid_target
PID 2892 wrote to memory of 2940	2892	rundll32.exe	28
PID 2892 wrote to memory of 2940	2892	rundll32.exe	28
PID 2892 wrote to memory of 2940	2892	rundll32.exe	28
PID 2892 wrote to memory of 2940	2892	rundll32.exe	28
PID 2892 wrote to memory of 2940	2892	rundll32.exe	28
PID 2892 wrote to memory of 2940	2892	rundll32.exe	28
PID 2892 wrote to memory of 2940	2892	rundll32.exe	28

C:\Windows\system32\rundll32.exe
rundll32.exe C:\Users\Admin\AppData\Local\Temp\联通宽带拨号客户端\MFC42D.dll,#1
1⤵
- Suspicious use of WriteProcessMemory
PID:2892
- C:\Windows\SysWOW64\rundll32.exe
  rundll32.exe C:\Users\Admin\AppData\Local\Temp\联通宽带拨号客户端\MFC42D.dll,#1
  2⤵
  PID:2940