9b5bb6c32c8c70c686150f7817abcca92828fc8b3df65509c824966eae655013

Analysis

max time kernel
16s
max time network
16s
platform
windows7_x64
resource
win7-20240708-en
resource tags

arch:x64arch:x86image:win7-20240708-enlocale:en-usos:windows7-x64system
submitted
21/07/2024, 10:43

Target

b01b0db22d0c8795b3a03f9250d81c90N.dll
Size

5KB
MD5

b01b0db22d0c8795b3a03f9250d81c90
SHA1

ab3ebf76c557cfb86a11a10d81f6c8ffcd728217
SHA256

9b5bb6c32c8c70c686150f7817abcca92828fc8b3df65509c824966eae655013
SHA512

dfa50528fc2939d3851eb9486848987015b5878dd2c8748018d3b4857adf49dc5348fe137d81c8d7eb11073ef65f74b606f882d0d34a3ed9e84ff02cdc8fd00e
SSDEEP

48:C6VonAHso6U7lYa92RrpjwDmetlG95hx+iMHhmY7q2eC1BY0pEmB2Y2daIrgsZ4E:nEY2RrF1eqwi4Rq2LOdaV5ZYMJ4r9W

Score

1^/10

Suspicious use of WriteProcessMemory 7 IoCs

description	pid	Process	procid_target
PID 3008 wrote to memory of 2368	3008	rundll32.exe	31
PID 3008 wrote to memory of 2368	3008	rundll32.exe	31
PID 3008 wrote to memory of 2368	3008	rundll32.exe	31
PID 3008 wrote to memory of 2368	3008	rundll32.exe	31
PID 3008 wrote to memory of 2368	3008	rundll32.exe	31
PID 3008 wrote to memory of 2368	3008	rundll32.exe	31
PID 3008 wrote to memory of 2368	3008	rundll32.exe	31

C:\Windows\system32\rundll32.exe
rundll32.exe C:\Users\Admin\AppData\Local\Temp\b01b0db22d0c8795b3a03f9250d81c90N.dll,#1
1⤵
- Suspicious use of WriteProcessMemory
PID:3008
- C:\Windows\SysWOW64\rundll32.exe
  rundll32.exe C:\Users\Admin\AppData\Local\Temp\b01b0db22d0c8795b3a03f9250d81c90N.dll,#1
  2⤵
  PID:2368