6247b6ca9b44d99173cb13c6d96f32d885900c4cb96b5365d0ae6b9885256e5c

Analysis

max time kernel
119s
max time network
120s
platform
windows7_x64
resource
win7-20240704-en
resource tags

arch:x64arch:x86image:win7-20240704-enlocale:en-usos:windows7-x64system
submitted
20-07-2024 02:05

Target

38ab8b3528ea1aca20e2060835e51740N.dll
Size

564KB
MD5

38ab8b3528ea1aca20e2060835e51740
SHA1

7bfec6b07948e9fe4995f714845aa099d93f2036
SHA256

6247b6ca9b44d99173cb13c6d96f32d885900c4cb96b5365d0ae6b9885256e5c
SHA512

6f56108691c43f24c47ad2daf973f2dfdddc68091a9964ca20b4ae95b81f06b91f17b7723990cbf6ee8b951539aab91641549191b32128007ce1d8f1235ad956
SSDEEP

6144:ziKNEFPgbBPForYkni1S/OFUE28Oi87Chx6PZL8maGstJTxzQPLFpFqW:2KB1PmNJE28g7ChGPZpFqW

Score

1^/10

Suspicious use of WriteProcessMemory 7 IoCs

description	pid	Process	procid_target
PID 1600 wrote to memory of 2688	1600	rundll32.exe	30
PID 1600 wrote to memory of 2688	1600	rundll32.exe	30
PID 1600 wrote to memory of 2688	1600	rundll32.exe	30
PID 1600 wrote to memory of 2688	1600	rundll32.exe	30
PID 1600 wrote to memory of 2688	1600	rundll32.exe	30
PID 1600 wrote to memory of 2688	1600	rundll32.exe	30
PID 1600 wrote to memory of 2688	1600	rundll32.exe	30

C:\Windows\system32\rundll32.exe
rundll32.exe C:\Users\Admin\AppData\Local\Temp\38ab8b3528ea1aca20e2060835e51740N.dll,#1
1⤵
- Suspicious use of WriteProcessMemory
PID:1600
- C:\Windows\SysWOW64\rundll32.exe
  rundll32.exe C:\Users\Admin\AppData\Local\Temp\38ab8b3528ea1aca20e2060835e51740N.dll,#1
  2⤵
  PID:2688