8f8262c05b6d495bcf21c20a272b6ef4fa927b1fd72b9e9d14732527bc17ac56

Analysis

max time kernel
13s
max time network
14s
platform
windows7_x64
resource
win7-20240708-en
resource tags

arch:x64arch:x86image:win7-20240708-enlocale:en-usos:windows7-x64system
submitted
19/07/2024, 00:19

Target

2ba4a40aa616e83f9cf18e4d6f2c5150N.dll
Size

7KB
MD5

2ba4a40aa616e83f9cf18e4d6f2c5150
SHA1

9f3a9878dc7bb448b7afa0f6b53a7a4efef2f94c
SHA256

8f8262c05b6d495bcf21c20a272b6ef4fa927b1fd72b9e9d14732527bc17ac56
SHA512

a5586cf63268186af71d4335ed51fdf7045ff65a88cf7bb27ec8a25277f0462dc05ae6c9a0ff35a64904d3bd8f56779fa6c21ea267b8015eb5d30384e7129e62
SSDEEP

96:z0QR9B6BvAwb/DiSXedzLcVsj5XubaEZw5ai6e8EA/emenn7kT:JR94/bhX1fCai6F/B67kT

Score

1^/10

Suspicious use of WriteProcessMemory 7 IoCs

description	pid	Process	procid_target
PID 2152 wrote to memory of 2140	2152	rundll32.exe	30
PID 2152 wrote to memory of 2140	2152	rundll32.exe	30
PID 2152 wrote to memory of 2140	2152	rundll32.exe	30
PID 2152 wrote to memory of 2140	2152	rundll32.exe	30
PID 2152 wrote to memory of 2140	2152	rundll32.exe	30
PID 2152 wrote to memory of 2140	2152	rundll32.exe	30
PID 2152 wrote to memory of 2140	2152	rundll32.exe	30

C:\Windows\system32\rundll32.exe
rundll32.exe C:\Users\Admin\AppData\Local\Temp\2ba4a40aa616e83f9cf18e4d6f2c5150N.dll,#1
1⤵
- Suspicious use of WriteProcessMemory
PID:2152
- C:\Windows\SysWOW64\rundll32.exe
  rundll32.exe C:\Users\Admin\AppData\Local\Temp\2ba4a40aa616e83f9cf18e4d6f2c5150N.dll,#1
  2⤵
  PID:2140