5b7a2f3d40dd613c0351d40d3ed77ccf4f37d070c4fd89ae419d4e40c35fdab1

Analysis

max time kernel
117s
max time network
122s
platform
windows7_x64
resource
win7-20240708-en
resource tags

arch:x64arch:x86image:win7-20240708-enlocale:en-usos:windows7-x64system
submitted
23-07-2024 02:41

Target

524ee5b000fe6a8fdeb268f2e92925b0N.dll
Size

106KB
MD5

524ee5b000fe6a8fdeb268f2e92925b0
SHA1

399640b0568f3423902623818f6465fb1f4c84c3
SHA256

5b7a2f3d40dd613c0351d40d3ed77ccf4f37d070c4fd89ae419d4e40c35fdab1
SHA512

2e7e80c1283f0e3abe6de44364887f3714769ae7ab1dd6ce0184616f08d28097d5a358c5972f2c0c4ecd715bbbc182f824d8f2c09459fb5541a5ca2701fd0cf3
SSDEEP

3072:/JmzIbNitSzSJ3oi8qVGvrK+nqT+KDcR/PfOEaB:/1NitZYi8CGvrK+nqT+UcRnfOE

Score

1^/10

Suspicious use of WriteProcessMemory 7 IoCs

description	pid	Process	procid_target
PID 2412 wrote to memory of 2528	2412	rundll32.exe	30
PID 2412 wrote to memory of 2528	2412	rundll32.exe	30
PID 2412 wrote to memory of 2528	2412	rundll32.exe	30
PID 2412 wrote to memory of 2528	2412	rundll32.exe	30
PID 2412 wrote to memory of 2528	2412	rundll32.exe	30
PID 2412 wrote to memory of 2528	2412	rundll32.exe	30
PID 2412 wrote to memory of 2528	2412	rundll32.exe	30

C:\Windows\system32\rundll32.exe
rundll32.exe C:\Users\Admin\AppData\Local\Temp\524ee5b000fe6a8fdeb268f2e92925b0N.dll,#1
1⤵
- Suspicious use of WriteProcessMemory
PID:2412
- C:\Windows\SysWOW64\rundll32.exe
  rundll32.exe C:\Users\Admin\AppData\Local\Temp\524ee5b000fe6a8fdeb268f2e92925b0N.dll,#1
  2⤵
  PID:2528