284419907edf8f0f95da4031f87623400e222d4376613e729b3ab0f2351392d4

Analysis

max time kernel
35s
max time network
41s
platform
windows7_x64
resource
win7-20220812-en
resource tags

arch:x64arch:x86image:win7-20220812-enlocale:en-usos:windows7-x64system
submitted
18-09-2022 23:23

Target

284419907edf8f0f95da4031f87623400e222d4376613e729b3ab0f2351392d4.dll
Size

40KB
MD5

31047a9e930b8ca160e5546df345db4f
SHA1

ed455ce35df30f0903a0d2f7ab1c51948769e1b8
SHA256

284419907edf8f0f95da4031f87623400e222d4376613e729b3ab0f2351392d4
SHA512

ca71c03232d9193fb5a06389107a920f13d0d0dbaf2550069bc2cf5b2da81db3b273677f3a6e02c00cc88971cd9c84866f3b5a919b68dc4370f7b625d1e3a029
SSDEEP

768:YTyJLYMxqdmr8J5QkDoPzDIK7UmCU+hpaQWBiRI54u1:KyJLYMuOIoP/X7UmKv9aiR+4M

Score

1^/10

Suspicious use of WriteProcessMemory 7 IoCs

description	pid	Process	procid_target
PID 1192 wrote to memory of 1400	1192	rundll32.exe	27
PID 1192 wrote to memory of 1400	1192	rundll32.exe	27
PID 1192 wrote to memory of 1400	1192	rundll32.exe	27
PID 1192 wrote to memory of 1400	1192	rundll32.exe	27
PID 1192 wrote to memory of 1400	1192	rundll32.exe	27
PID 1192 wrote to memory of 1400	1192	rundll32.exe	27
PID 1192 wrote to memory of 1400	1192	rundll32.exe	27

C:\Windows\system32\rundll32.exe
rundll32.exe C:\Users\Admin\AppData\Local\Temp\284419907edf8f0f95da4031f87623400e222d4376613e729b3ab0f2351392d4.dll,#1
1⤵
- Suspicious use of WriteProcessMemory
PID:1192
- C:\Windows\SysWOW64\rundll32.exe
  rundll32.exe C:\Users\Admin\AppData\Local\Temp\284419907edf8f0f95da4031f87623400e222d4376613e729b3ab0f2351392d4.dll,#1
  2⤵
  PID:1400

memory/1400-54-0x0000000000000000-mapping.dmp

Download
memory/1400-55-0x0000000076701000-0x0000000076703000-memory.dmp

Filesize
8KB

Download