bd22160ac69021e0b9c3940f437f56cc00fa8f2c3e08ad044ba16a73e5124170

Analysis

max time kernel
42s
max time network
45s
platform
windows7_x64
resource
win7-20220812-en
resource tags

arch:x64arch:x86image:win7-20220812-enlocale:en-usos:windows7-x64system
submitted
19/09/2022, 09:23

Target

bd22160ac69021e0b9c3940f437f56cc00fa8f2c3e08ad044ba16a73e5124170.dll
Size

122KB
MD5

1234314f1dea626bb2a9849b40d4b72c
SHA1

02a4ed0d8deca7c067b076555a270fd7326653df
SHA256

bd22160ac69021e0b9c3940f437f56cc00fa8f2c3e08ad044ba16a73e5124170
SHA512

6b9b0fa818010a71dd67cfbf3a2268b308175b71c8292db9d55b1bf68fa8b8d25a77c790ad834d350ad2cdaa96551a6c8907327f7a119d891b0a1b9e86ae56ed
SSDEEP

3072:xiufIAlIHwE8S3CcKJpImTwEkWzsQbRKCxVN2olfl60:xiwtlI5Y7ImTJjzZVn7lfl

Score

1^/10

Suspicious use of WriteProcessMemory 7 IoCs

description	pid	Process	procid_target
PID 1920 wrote to memory of 1012	1920	rundll32.exe	28
PID 1920 wrote to memory of 1012	1920	rundll32.exe	28
PID 1920 wrote to memory of 1012	1920	rundll32.exe	28
PID 1920 wrote to memory of 1012	1920	rundll32.exe	28
PID 1920 wrote to memory of 1012	1920	rundll32.exe	28
PID 1920 wrote to memory of 1012	1920	rundll32.exe	28
PID 1920 wrote to memory of 1012	1920	rundll32.exe	28

C:\Windows\system32\rundll32.exe
rundll32.exe C:\Users\Admin\AppData\Local\Temp\bd22160ac69021e0b9c3940f437f56cc00fa8f2c3e08ad044ba16a73e5124170.dll,#1
1⤵
- Suspicious use of WriteProcessMemory
PID:1920
- C:\Windows\SysWOW64\rundll32.exe
  rundll32.exe C:\Users\Admin\AppData\Local\Temp\bd22160ac69021e0b9c3940f437f56cc00fa8f2c3e08ad044ba16a73e5124170.dll,#1
  2⤵
  PID:1012

memory/1012-55-0x00000000763F1000-0x00000000763F3000-memory.dmp

Filesize
8KB

Download
memory/1012-56-0x0000000010000000-0x0000000010042000-memory.dmp

Filesize
264KB

Download
memory/1012-57-0x0000000010000000-0x0000000010042000-memory.dmp

Filesize
264KB

Download