01ce406541ad8301523e415a187da19c4f254a90b9e18e02aea95de432792ba6

Analysis

max time kernel
118s
max time network
120s
platform
windows7_x64
resource
win7-20240704-en
resource tags

arch:x64arch:x86image:win7-20240704-enlocale:en-usos:windows7-x64system
submitted
15/07/2024, 00:58

Target

51a279222ea55abed1a78cba857175a0N.dll
Size

2.2MB
MD5

51a279222ea55abed1a78cba857175a0
SHA1

14fe181a8519f288fa0365fd763a0cde6ae4d031
SHA256

01ce406541ad8301523e415a187da19c4f254a90b9e18e02aea95de432792ba6
SHA512

38511f85f9bce59990c7ed25a8f81659203bd510ff1402cf0ef855e342ada7e97d173b29cafc6a03814cc8491fc40160284bfc684579b605fc12a8a6ae40a9e2
SSDEEP

49152:5WCJfI760+dYUJUNlynyhKHIYchj7xevOdD7XZX2xx:YCl2+qc3yhzjevqD7Xx8x

Score

8^/10

Blocklisted process makes network request 1 IoCs

flow	pid	Process
4	2788	rundll32.exe

Suspicious use of WriteProcessMemory 7 IoCs

description	pid	Process	procid_target
PID 2736 wrote to memory of 2788	2736	rundll32.exe	30
PID 2736 wrote to memory of 2788	2736	rundll32.exe	30
PID 2736 wrote to memory of 2788	2736	rundll32.exe	30
PID 2736 wrote to memory of 2788	2736	rundll32.exe	30
PID 2736 wrote to memory of 2788	2736	rundll32.exe	30
PID 2736 wrote to memory of 2788	2736	rundll32.exe	30
PID 2736 wrote to memory of 2788	2736	rundll32.exe	30

C:\Windows\system32\rundll32.exe
rundll32.exe C:\Users\Admin\AppData\Local\Temp\51a279222ea55abed1a78cba857175a0N.dll,#1
1⤵
- Suspicious use of WriteProcessMemory
PID:2736
- C:\Windows\SysWOW64\rundll32.exe
  rundll32.exe C:\Users\Admin\AppData\Local\Temp\51a279222ea55abed1a78cba857175a0N.dll,#1
  2⤵
  - Blocklisted process makes network request
  PID:2788

memory/2788-2-0x0000000000180000-0x0000000000186000-memory.dmp

Filesize
24KB

Download
memory/2788-0-0x0000000010000000-0x0000000010226000-memory.dmp

Filesize
2.1MB

Download
memory/2788-6-0x0000000002500000-0x000000000260E000-memory.dmp

Filesize
1.1MB

Download
memory/2788-7-0x0000000000580000-0x0000000000675000-memory.dmp

Filesize
980KB

Download
memory/2788-10-0x0000000000580000-0x0000000000675000-memory.dmp

Filesize
980KB

Download
memory/2788-11-0x0000000010000000-0x0000000010226000-memory.dmp

Filesize
2.1MB

Download
memory/2788-13-0x0000000000580000-0x0000000000675000-memory.dmp

Filesize
980KB

Download
memory/2788-15-0x0000000002F90000-0x0000000003073000-memory.dmp

Filesize
908KB

Download
memory/2788-14-0x0000000002610000-0x0000000002F8C000-memory.dmp

Filesize
9.5MB

Download
memory/2788-16-0x0000000003080000-0x0000000003167000-memory.dmp

Filesize
924KB

Download
memory/2788-17-0x0000000003080000-0x0000000003167000-memory.dmp

Filesize
924KB

Download
memory/2788-19-0x0000000003080000-0x0000000003167000-memory.dmp

Filesize
924KB

Download
memory/2788-20-0x0000000000130000-0x0000000000132000-memory.dmp

Filesize
8KB

Download
memory/2788-21-0x0000000000140000-0x0000000000144000-memory.dmp

Filesize
16KB

Download