791bdf68f21d0880cd894dcd20b11a832d78f4058b2cf1df80869e8a0b652525

Analysis

max time kernel
37s
max time network
42s
platform
windows7_x64
resource
win7-20220812-en
resource tags

arch:x64arch:x86image:win7-20220812-enlocale:en-usos:windows7-x64system
submitted
19-09-2022 09:30

Target

791bdf68f21d0880cd894dcd20b11a832d78f4058b2cf1df80869e8a0b652525.dll
Size

332KB
MD5

80a2fabd39e792af594fd598cb01db52
SHA1

7a9692408583d110f5be3bd340328e6efd2439a9
SHA256

791bdf68f21d0880cd894dcd20b11a832d78f4058b2cf1df80869e8a0b652525
SHA512

cf9c137a9ee7e92e0c3dc880d32f424652188880419e2cb866399a9b76c2c5f298ce423c2be1e327a2b9ab13a18ad63e104a12cacc43db2d11b002035e91a21b
SSDEEP

6144:GIziAyvkSpnkdX1SVElYs0iMFkrNc3r4fjgw+YUH2pVJHsBQp6IXrn+N:GIz1yvrpnkdX8SlYCMFkhcb08+XRMupU

Score

1^/10

Suspicious use of WriteProcessMemory 7 IoCs

description	pid	Process	procid_target
PID 900 wrote to memory of 1940	900	rundll32.exe	27
PID 900 wrote to memory of 1940	900	rundll32.exe	27
PID 900 wrote to memory of 1940	900	rundll32.exe	27
PID 900 wrote to memory of 1940	900	rundll32.exe	27
PID 900 wrote to memory of 1940	900	rundll32.exe	27
PID 900 wrote to memory of 1940	900	rundll32.exe	27
PID 900 wrote to memory of 1940	900	rundll32.exe	27

C:\Windows\system32\rundll32.exe
rundll32.exe C:\Users\Admin\AppData\Local\Temp\791bdf68f21d0880cd894dcd20b11a832d78f4058b2cf1df80869e8a0b652525.dll,#1
1⤵
- Suspicious use of WriteProcessMemory
PID:900
- C:\Windows\SysWOW64\rundll32.exe
  rundll32.exe C:\Users\Admin\AppData\Local\Temp\791bdf68f21d0880cd894dcd20b11a832d78f4058b2cf1df80869e8a0b652525.dll,#1
  2⤵
  PID:1940

memory/1940-54-0x0000000000000000-mapping.dmp

Download
memory/1940-55-0x0000000075C61000-0x0000000075C63000-memory.dmp

Filesize
8KB

Download
memory/1940-56-0x0000000010000000-0x00000000100A3000-memory.dmp

Filesize
652KB

Download
memory/1940-57-0x0000000010000000-0x00000000100A3000-memory.dmp

Filesize
652KB

Download