bc158a5d16db95a50e41f12e7dbaf6289f23b8d694f62cc93746ac9af3fdc54e

Analysis

max time kernel
121s
max time network
121s
platform
windows7_x64
resource
win7-20240704-en
resource tags

arch:x64arch:x86image:win7-20240704-enlocale:en-usos:windows7-x64system
submitted
20/07/2024, 15:36

Target

01f5659e40e4f74504bfd479b7b4b650N.dll
Size

81KB
MD5

01f5659e40e4f74504bfd479b7b4b650
SHA1

3c0628a22fae76a701492ed7dc69119fd736d333
SHA256

bc158a5d16db95a50e41f12e7dbaf6289f23b8d694f62cc93746ac9af3fdc54e
SHA512

e8cef30a829f8d521512eb8bac404b6250dd600fdf417352c4d10a3b54dfdd2823cbfe66aeafabb83f295bb87b0f137f7af7ebfc12c370970a3bfe882a89464c
SSDEEP

1536:aByXv7uWGEqXZKXTadSp7Lxw9zzBPw+NASUSFOj8sWHcdF6+eXq8WL:7v4JKXTx71wnArSsXFpeXq8WL

Score

1^/10

Suspicious use of WriteProcessMemory 7 IoCs

description	pid	Process	procid_target
PID 2240 wrote to memory of 2256	2240	rundll32.exe	28
PID 2240 wrote to memory of 2256	2240	rundll32.exe	28
PID 2240 wrote to memory of 2256	2240	rundll32.exe	28
PID 2240 wrote to memory of 2256	2240	rundll32.exe	28
PID 2240 wrote to memory of 2256	2240	rundll32.exe	28
PID 2240 wrote to memory of 2256	2240	rundll32.exe	28
PID 2240 wrote to memory of 2256	2240	rundll32.exe	28

C:\Windows\system32\rundll32.exe
rundll32.exe C:\Users\Admin\AppData\Local\Temp\01f5659e40e4f74504bfd479b7b4b650N.dll,#1
1⤵
- Suspicious use of WriteProcessMemory
PID:2240
- C:\Windows\SysWOW64\rundll32.exe
  rundll32.exe C:\Users\Admin\AppData\Local\Temp\01f5659e40e4f74504bfd479b7b4b650N.dll,#1
  2⤵
  PID:2256