357b2af5bed1548785299e1c280b63eb659c87cb82059de14f52a6248ec38d28

Analysis

max time kernel
16s
max time network
17s
platform
windows7_x64
resource
win7-20240708-en
resource tags

arch:x64arch:x86image:win7-20240708-enlocale:en-usos:windows7-x64system
submitted
21/07/2024, 20:56

Target

$0/basicscan.dll
Size

347KB
MD5

d11d335cd88a90c834aec9959253617e
SHA1

7db3ec76993414dfa1946c882282471328da4326
SHA256

74fc7303821137f8c2e72550d607a975f2b9b6918ee296f8e4ce6654957ff7c2
SHA512

3ebc9543a649b362da3dca2efda54f9226feaba832a904f27e7052f6b9b45b2660a7c9b5bd284adf9abe15f841a60c20d8f7d66b2ba4cb26be50aa095d04f60f
SSDEEP

6144:22K3ugvJMbuwWajWhS6IlDUuaCuF5wncPhKNoSco3CL1FerTnR7dY+4vk+ZATNpA:n9OOzjWhS6uwuaC+wnos5y1uTnV++m+0

Score

1^/10

Suspicious use of WriteProcessMemory 7 IoCs

description	pid	Process	procid_target
PID 1768 wrote to memory of 1332	1768	rundll32.exe	30
PID 1768 wrote to memory of 1332	1768	rundll32.exe	30
PID 1768 wrote to memory of 1332	1768	rundll32.exe	30
PID 1768 wrote to memory of 1332	1768	rundll32.exe	30
PID 1768 wrote to memory of 1332	1768	rundll32.exe	30
PID 1768 wrote to memory of 1332	1768	rundll32.exe	30
PID 1768 wrote to memory of 1332	1768	rundll32.exe	30

C:\Windows\system32\rundll32.exe
rundll32.exe C:\Users\Admin\AppData\Local\Temp\$0\basicscan.dll,#1
1⤵
- Suspicious use of WriteProcessMemory
PID:1768
- C:\Windows\SysWOW64\rundll32.exe
  rundll32.exe C:\Users\Admin\AppData\Local\Temp\$0\basicscan.dll,#1
  2⤵
  PID:1332