1614486b8fc3825ff3fa0b4e1ab98027f423014d5cfecda4ee2da333bc514d15

Analysis

max time kernel
14s
max time network
17s
platform
windows7_x64
resource
win7-20240705-en
resource tags

arch:x64arch:x86image:win7-20240705-enlocale:en-usos:windows7-x64system
submitted
15/07/2024, 20:22

Target

048a6a3669ed37d9e9e1c041268a45b0N.dll
Size

5KB
MD5

048a6a3669ed37d9e9e1c041268a45b0
SHA1

d172ed3f45b67631082fbfb5d2998a9b90c9b8f5
SHA256

1614486b8fc3825ff3fa0b4e1ab98027f423014d5cfecda4ee2da333bc514d15
SHA512

0b6787a1fe7af7264b1c009560e0d9e242962cfe6939db39f50bdc83c29da931798a7aa2e9c76718f60c85591a623c3438481b2ce3f8677f4da0904915ef9854
SSDEEP

48:CCy86+Wet9Q/iooHeiefhe+/lSMYEqL3z9OXWjSB0NVjlq9EgRMy9a9meaDrwCXE:hy859x0P8Man0XJB0NVjCEYOKfbo+

Score

1^/10

Suspicious use of WriteProcessMemory 7 IoCs

description	pid	Process	procid_target
PID 1856 wrote to memory of 2092	1856	rundll32.exe	30
PID 1856 wrote to memory of 2092	1856	rundll32.exe	30
PID 1856 wrote to memory of 2092	1856	rundll32.exe	30
PID 1856 wrote to memory of 2092	1856	rundll32.exe	30
PID 1856 wrote to memory of 2092	1856	rundll32.exe	30
PID 1856 wrote to memory of 2092	1856	rundll32.exe	30
PID 1856 wrote to memory of 2092	1856	rundll32.exe	30

C:\Windows\system32\rundll32.exe
rundll32.exe C:\Users\Admin\AppData\Local\Temp\048a6a3669ed37d9e9e1c041268a45b0N.dll,#1
1⤵
- Suspicious use of WriteProcessMemory
PID:1856
- C:\Windows\SysWOW64\rundll32.exe
  rundll32.exe C:\Users\Admin\AppData\Local\Temp\048a6a3669ed37d9e9e1c041268a45b0N.dll,#1
  2⤵
  PID:2092