c18d8f1f3a6caff08b48f8630b06ba351d54e2f28f8ab527996210670951f60c

Analysis

max time kernel
117s
max time network
119s
platform
windows7_x64
resource
win7-20240708-en
resource tags

arch:x64arch:x86image:win7-20240708-enlocale:en-usos:windows7-x64system
submitted
15/07/2024, 07:17

Target

$PLUGINSDIR/Install.dll
Size

99KB
MD5

29358a426d78ac1d5d9bc6ee27cb8c18
SHA1

5d93cba761a249f9c67efbebbb14bfdf44a7dcde
SHA256

f14dae321f5f880eef5812055940883c29d577d6f9b5b9242a4079d975910fa5
SHA512

cca026062e8afdfcb5a15648418f26398e8f6a1ce3196a32c79bea67669fb59a6ddd8b32c20587944d38594169d90508a195cd2919f8e0b38c7d3cb8b81b685d
SSDEEP

1536:aJy82l4tuk0h6ABx+1NNcXxkKE84eRiyQjEeeRLPGJelTrQdFe5mHHxx8MhbSUCP:ag5zX6BJMWEeAbGKEYR5BubXL3VGl

Score

1^/10

Suspicious use of WriteProcessMemory 7 IoCs

description	pid	Process	procid_target
PID 1908 wrote to memory of 2204	1908	rundll32.exe	30
PID 1908 wrote to memory of 2204	1908	rundll32.exe	30
PID 1908 wrote to memory of 2204	1908	rundll32.exe	30
PID 1908 wrote to memory of 2204	1908	rundll32.exe	30
PID 1908 wrote to memory of 2204	1908	rundll32.exe	30
PID 1908 wrote to memory of 2204	1908	rundll32.exe	30
PID 1908 wrote to memory of 2204	1908	rundll32.exe	30

C:\Windows\system32\rundll32.exe
rundll32.exe C:\Users\Admin\AppData\Local\Temp\$PLUGINSDIR\Install.dll,#1
1⤵
- Suspicious use of WriteProcessMemory
PID:1908
- C:\Windows\SysWOW64\rundll32.exe
  rundll32.exe C:\Users\Admin\AppData\Local\Temp\$PLUGINSDIR\Install.dll,#1
  2⤵
  PID:2204