b79afb1ae1b35719c7a92f6ed408edb35f4de691b8c47c2a01fd8c18e9e75032

Analysis

max time kernel
15s
max time network
21s
platform
windows7_x64
resource
win7-20240704-en
resource tags

arch:x64arch:x86image:win7-20240704-enlocale:en-usos:windows7-x64system
submitted
15/07/2024, 12:46

Target

dc33858cdc815a72db08e91982836440N.dll
Size

492KB
MD5

dc33858cdc815a72db08e91982836440
SHA1

1cf4b4791a3ba7c44becff811ddb787bcccb0288
SHA256

b79afb1ae1b35719c7a92f6ed408edb35f4de691b8c47c2a01fd8c18e9e75032
SHA512

12cc913ed5bb1214a964dee8633fc42d91d9f22e82871a54c93b6575c7af2fa282c771519cb5f41a3c160d121e8e39ca629ec77bf71a66605d63947306537953
SSDEEP

12288:i8F7C4RYGfJsJkjUVOLOcvu3W/A9ILEiV8tpWrBk/YNKmaPmmDjKzTueJiwD9aLe:vF7C4RYGfJsyjeOLNvu3W/A9ILEiV8t6

Score

1^/10

Suspicious use of WriteProcessMemory 7 IoCs

description	pid	Process	procid_target
PID 1412 wrote to memory of 2284	1412	rundll32.exe	31
PID 1412 wrote to memory of 2284	1412	rundll32.exe	31
PID 1412 wrote to memory of 2284	1412	rundll32.exe	31
PID 1412 wrote to memory of 2284	1412	rundll32.exe	31
PID 1412 wrote to memory of 2284	1412	rundll32.exe	31
PID 1412 wrote to memory of 2284	1412	rundll32.exe	31
PID 1412 wrote to memory of 2284	1412	rundll32.exe	31

C:\Windows\system32\rundll32.exe
rundll32.exe C:\Users\Admin\AppData\Local\Temp\dc33858cdc815a72db08e91982836440N.dll,#1
1⤵
- Suspicious use of WriteProcessMemory
PID:1412
- C:\Windows\SysWOW64\rundll32.exe
  rundll32.exe C:\Users\Admin\AppData\Local\Temp\dc33858cdc815a72db08e91982836440N.dll,#1
  2⤵
  PID:2284