ca91e4e28e4f7cd3ddb243893216e9bc36c7637abf0ddb153f4a7fc38840682d

Analysis

max time kernel
48s
max time network
52s
platform
windows7_x64
resource
win7-20220901-en
resource tags

arch:x64arch:x86image:win7-20220901-enlocale:en-usos:windows7-x64system
submitted
18/09/2022, 22:18

Target

ca91e4e28e4f7cd3ddb243893216e9bc36c7637abf0ddb153f4a7fc38840682d.dll
Size

81KB
MD5

58e6eb3df22d6c3b781568b7744c08e9
SHA1

9c7634cb51a496bb07f6260cc3d7148f1d791825
SHA256

ca91e4e28e4f7cd3ddb243893216e9bc36c7637abf0ddb153f4a7fc38840682d
SHA512

f9e96d03d30f81c7e87dc6216f05cc949208032fd6a76e1d23861817cf046635847d6ac440e3cea69808d04528d980b2c58b4704195c5f49ef6428e5b2652fbb
SSDEEP

1536:XeGhUZS1tLIBbHgqLdXplxWmiFd9Ia8kPkKG6zss:uYUiIVAG1gIa8OG6z3

Score

1^/10

Suspicious use of WriteProcessMemory 7 IoCs

description	pid	Process	procid_target
PID 1328 wrote to memory of 1196	1328	rundll32.exe	27
PID 1328 wrote to memory of 1196	1328	rundll32.exe	27
PID 1328 wrote to memory of 1196	1328	rundll32.exe	27
PID 1328 wrote to memory of 1196	1328	rundll32.exe	27
PID 1328 wrote to memory of 1196	1328	rundll32.exe	27
PID 1328 wrote to memory of 1196	1328	rundll32.exe	27
PID 1328 wrote to memory of 1196	1328	rundll32.exe	27

C:\Windows\system32\rundll32.exe
rundll32.exe C:\Users\Admin\AppData\Local\Temp\ca91e4e28e4f7cd3ddb243893216e9bc36c7637abf0ddb153f4a7fc38840682d.dll,#1
1⤵
- Suspicious use of WriteProcessMemory
PID:1328
- C:\Windows\SysWOW64\rundll32.exe
  rundll32.exe C:\Users\Admin\AppData\Local\Temp\ca91e4e28e4f7cd3ddb243893216e9bc36c7637abf0ddb153f4a7fc38840682d.dll,#1
  2⤵
  PID:1196

memory/1196-55-0x0000000075FE1000-0x0000000075FE3000-memory.dmp

Filesize
8KB

Download
memory/1196-56-0x0000000010000000-0x000000001000D000-memory.dmp

Filesize
52KB

Download
memory/1196-57-0x0000000010000000-0x000000001000D000-memory.dmp

Filesize
52KB

Download
memory/1196-58-0x0000000010000000-0x000000001000D000-memory.dmp

Filesize
52KB

Download
memory/1196-59-0x0000000010000000-0x000000001000D000-memory.dmp

Filesize
52KB

Download