b369d88a0436d79ceaa0af48d5c41886bef01b07a55155d8a5ab678c48ab8ca2

Analysis

max time kernel
17s
max time network
18s
platform
windows7_x64
resource
win7-20240705-en
resource tags

arch:x64arch:x86image:win7-20240705-enlocale:en-usos:windows7-x64system
submitted
19/07/2024, 13:39

Target

b369d88a0436d79ceaa0af48d5c41886bef01b07a55155d8a5ab678c48ab8ca2.dll
Size

2.5MB
MD5

b4b87806c60fb4d43e71994cc01b7553
SHA1

266ee5e717543f40b3dc2daf1f8eec751531e9c4
SHA256

b369d88a0436d79ceaa0af48d5c41886bef01b07a55155d8a5ab678c48ab8ca2
SHA512

6358c2b83e72709bd5d721e973656f15a209c08ffc1062cd07a67e3eaf8367a107c937c420849c757b6caf306514868980254759c6edb8cb6f4aaa16a72132fb
SSDEEP

49152:HlzNv44gxiO75Nj8sA55AcOsrPyuM3R4n6FBA:FzN3gxievAAXar6Wn63

Score

1^/10

Suspicious use of WriteProcessMemory 7 IoCs

description	pid	Process	procid_target
PID 1732 wrote to memory of 988	1732	rundll32.exe	29
PID 1732 wrote to memory of 988	1732	rundll32.exe	29
PID 1732 wrote to memory of 988	1732	rundll32.exe	29
PID 1732 wrote to memory of 988	1732	rundll32.exe	29
PID 1732 wrote to memory of 988	1732	rundll32.exe	29
PID 1732 wrote to memory of 988	1732	rundll32.exe	29
PID 1732 wrote to memory of 988	1732	rundll32.exe	29

C:\Windows\system32\rundll32.exe
rundll32.exe C:\Users\Admin\AppData\Local\Temp\b369d88a0436d79ceaa0af48d5c41886bef01b07a55155d8a5ab678c48ab8ca2.dll,#1
1⤵
- Suspicious use of WriteProcessMemory
PID:1732
- C:\Windows\SysWOW64\rundll32.exe
  rundll32.exe C:\Users\Admin\AppData\Local\Temp\b369d88a0436d79ceaa0af48d5c41886bef01b07a55155d8a5ab678c48ab8ca2.dll,#1
  2⤵
  PID:988

memory/988-0-0x0000000002220000-0x0000000002497000-memory.dmp

Filesize
2.5MB

Download