82ff54ad611d8e074caaef4c8f8c55dbb6438a84fdd962bbeb42ff2e9a43c7a7

Analysis

max time kernel
10s
max time network
16s
platform
windows7_x64
resource
win7-20240704-en
resource tags

arch:x64arch:x86image:win7-20240704-enlocale:en-usos:windows7-x64system
submitted
15/07/2024, 12:42

Target

dbd1ab2066fcbde193963faa14eb5af0N.dll
Size

113KB
MD5

dbd1ab2066fcbde193963faa14eb5af0
SHA1

f6374987192cf1f1005eec6f07c5fb666861af38
SHA256

82ff54ad611d8e074caaef4c8f8c55dbb6438a84fdd962bbeb42ff2e9a43c7a7
SHA512

6eda10648b22fe273d86eb43f8a04d02d680e0a276594540ca7fafa726d6e5b0efeb21fbd4c2eff8ce02a1eab5e8cc94a3a06666fcda0f7ae6695f919e0d3a90
SSDEEP

1536:d9Yq94mzi+9qJEQfx96seS20DBWP7jgwfJlnWzn3+sBMBelG8GTf3d7K:v6mziBRuseS20D8/Rli3+Remf3d7K

Score

1^/10

Suspicious use of WriteProcessMemory 7 IoCs

description	pid	Process	procid_target
PID 3012 wrote to memory of 2140	3012	rundll32.exe	29
PID 3012 wrote to memory of 2140	3012	rundll32.exe	29
PID 3012 wrote to memory of 2140	3012	rundll32.exe	29
PID 3012 wrote to memory of 2140	3012	rundll32.exe	29
PID 3012 wrote to memory of 2140	3012	rundll32.exe	29
PID 3012 wrote to memory of 2140	3012	rundll32.exe	29
PID 3012 wrote to memory of 2140	3012	rundll32.exe	29

C:\Windows\system32\rundll32.exe
rundll32.exe C:\Users\Admin\AppData\Local\Temp\dbd1ab2066fcbde193963faa14eb5af0N.dll,#1
1⤵
- Suspicious use of WriteProcessMemory
PID:3012
- C:\Windows\SysWOW64\rundll32.exe
  rundll32.exe C:\Users\Admin\AppData\Local\Temp\dbd1ab2066fcbde193963faa14eb5af0N.dll,#1
  2⤵
  PID:2140

memory/2140-0-0x0000000000160000-0x0000000000185000-memory.dmp

Filesize
148KB

Download