351005b4b75c99a659012947472d1611fb149633c97d64b51cf81e451b063534

Analysis

max time kernel
122s
max time network
124s
platform
windows7_x64
resource
win7-20240704-en
resource tags

arch:x64arch:x86image:win7-20240704-enlocale:en-usos:windows7-x64system
submitted
05-07-2024 03:46

Target

$PLUGINSDIR/newadvsplash.dll
Size

8KB
MD5

55a723e125afbc9b3a41d46f41749068
SHA1

01618b26fec6b8c6bdb866e6e4d0f7a0529fe97c
SHA256

0a70cc4b93d87ecd93e538cfbed7c9a4b8b5c6f1042c6069757bda0d1279ed06
SHA512

559157fa1b3eb6ae1f9c0f2c71ccc692a0a0affb1d6498a8b8db1436d236fd91891897ac620ed5a588beba2efa43ef064211a7fcadb5c3a3c5e2be1d23ef9d4c
SSDEEP

96:/VV0Rwtvrm2nQujIvP9dir3UniV/zRzVR3rN3k8Jd18tsPcaqhx:/VV0KtC2yH9d83BzVR53kEQFaq

Score

1^/10

Suspicious use of WriteProcessMemory 7 IoCs

Processes:

rundll32.exe

description	pid	process	target process
PID 2608 wrote to memory of 2812	2608	rundll32.exe	rundll32.exe
PID 2608 wrote to memory of 2812	2608	rundll32.exe	rundll32.exe
PID 2608 wrote to memory of 2812	2608	rundll32.exe	rundll32.exe
PID 2608 wrote to memory of 2812	2608	rundll32.exe	rundll32.exe
PID 2608 wrote to memory of 2812	2608	rundll32.exe	rundll32.exe
PID 2608 wrote to memory of 2812	2608	rundll32.exe	rundll32.exe
PID 2608 wrote to memory of 2812	2608	rundll32.exe	rundll32.exe

C:\Windows\system32\rundll32.exe
rundll32.exe C:\Users\Admin\AppData\Local\Temp\$PLUGINSDIR\newadvsplash.dll,#1
1⤵
- Suspicious use of WriteProcessMemory
PID:2608

C:\Windows\SysWOW64\rundll32.exe
rundll32.exe C:\Users\Admin\AppData\Local\Temp\$PLUGINSDIR\newadvsplash.dll,#1
2⤵
PID:2812