280d3792915085b92635b5e80cc5e12e860267a1d86cfc7aeedce5c960caee0a

Analysis

max time kernel
40s
max time network
46s
platform
windows7_x64
resource
win7-20220812-en
resource tags

arch:x64arch:x86image:win7-20220812-enlocale:en-usos:windows7-x64system
submitted
18-09-2022 22:36

Target

280d3792915085b92635b5e80cc5e12e860267a1d86cfc7aeedce5c960caee0a.dll
Size

35KB
MD5

17a81363e1db35aefb1acda968863bda
SHA1

526c917ae0cda737e923a0c73ea3470312042394
SHA256

280d3792915085b92635b5e80cc5e12e860267a1d86cfc7aeedce5c960caee0a
SHA512

44100da4bf8c389e18f8b4fa873cc2ab1d7bf7f08de16fccb0b64f367215982dedc5ce0fd65727d093d7fd704f8f7ef9bbe29abe14df79e46b24404529b53340
SSDEEP

768:DnWy0L5TXpVQcqxieaSrM/W4uGes7UOFTcJ5hlD8oR3YGXdk:2LtXvQqSrMe/s7UOdcrXlRIGXS

Score

1^/10

Suspicious use of WriteProcessMemory 7 IoCs

description	pid	Process	procid_target
PID 1920 wrote to memory of 1012	1920	rundll32.exe	28
PID 1920 wrote to memory of 1012	1920	rundll32.exe	28
PID 1920 wrote to memory of 1012	1920	rundll32.exe	28
PID 1920 wrote to memory of 1012	1920	rundll32.exe	28
PID 1920 wrote to memory of 1012	1920	rundll32.exe	28
PID 1920 wrote to memory of 1012	1920	rundll32.exe	28
PID 1920 wrote to memory of 1012	1920	rundll32.exe	28

C:\Windows\system32\rundll32.exe
rundll32.exe C:\Users\Admin\AppData\Local\Temp\280d3792915085b92635b5e80cc5e12e860267a1d86cfc7aeedce5c960caee0a.dll,#1
1⤵
- Suspicious use of WriteProcessMemory
PID:1920
- C:\Windows\SysWOW64\rundll32.exe
  rundll32.exe C:\Users\Admin\AppData\Local\Temp\280d3792915085b92635b5e80cc5e12e860267a1d86cfc7aeedce5c960caee0a.dll,#1
  2⤵
  PID:1012

memory/1012-54-0x0000000000000000-mapping.dmp

Download
memory/1012-55-0x00000000763F1000-0x00000000763F3000-memory.dmp

Filesize
8KB

Download