e2dca85ba15366a41846b1152329ad9c7abc8b410b5ee51d00b812c1d1eae761

Analysis

max time kernel
121s
max time network
124s
platform
windows7_x64
resource
win7-20240508-en
resource tags

arch:x64arch:x86image:win7-20240508-enlocale:en-usos:windows7-x64system
submitted
01-07-2024 04:39

Target

?????10?/soundbox.dll
Size

1.6MB
MD5

11a804704668900abc9b12a9968a530a
SHA1

e0961bc9989da51814b5de9208fa9f18f082db4a
SHA256

6d11a076bcc2b9208adf16a62c9309de000633147e3a564929806608fad5d8a4
SHA512

420600d04c86f1e6e612cd07a6b1e85f95ebadde8c6ae543d014f3bd0834441ccca44b42b539f4b1e711bdb8133a1742ba6e19815fbca5ecb885222cee28a7d2
SSDEEP

49152:b3lT6aG2823AlhFL1FOha4tN0bK6h2V5Qff4x4aGMTyX8M:bx6M82wlhFL1FOha4tNAxh2V5Qu43MTi

Score

1^/10

Suspicious use of WriteProcessMemory 7 IoCs

Processes:

rundll32.exe

description	pid	process	target process
PID 2320 wrote to memory of 1740	2320	rundll32.exe	rundll32.exe
PID 2320 wrote to memory of 1740	2320	rundll32.exe	rundll32.exe
PID 2320 wrote to memory of 1740	2320	rundll32.exe	rundll32.exe
PID 2320 wrote to memory of 1740	2320	rundll32.exe	rundll32.exe
PID 2320 wrote to memory of 1740	2320	rundll32.exe	rundll32.exe
PID 2320 wrote to memory of 1740	2320	rundll32.exe	rundll32.exe
PID 2320 wrote to memory of 1740	2320	rundll32.exe	rundll32.exe

C:\Windows\system32\rundll32.exe
rundll32.exe C:\Users\Admin\AppData\Local\Temp\_____10_\soundbox.dll,#1
1⤵
- Suspicious use of WriteProcessMemory
PID:2320

C:\Windows\SysWOW64\rundll32.exe
rundll32.exe C:\Users\Admin\AppData\Local\Temp\_____10_\soundbox.dll,#1
2⤵
PID:1740

memory/1740-0-0x0000000034D50000-0x0000000034D60000-memory.dmp

Filesize
64KB

Download