3a2121edc2e75eb15631ae18ba2637073176f10668ee9780bc2ca30bdcab9374

Analysis

max time kernel
42s
max time network
47s
platform
windows7_x64
resource
win7-20220812-en
resource tags

arch:x64arch:x86image:win7-20220812-enlocale:en-usos:windows7-x64system
submitted
19/09/2022, 16:29

Target

3a2121edc2e75eb15631ae18ba2637073176f10668ee9780bc2ca30bdcab9374.dll
Size

93KB
MD5

283d2f27d4e86544953ee9155f4d8979
SHA1

0ae52d0aca104d7de1cbddb2ded1ebd33d0180fa
SHA256

3a2121edc2e75eb15631ae18ba2637073176f10668ee9780bc2ca30bdcab9374
SHA512

99d25639aa40ecbe4af35185ba3161c7cb595880754dc0f7d0e7c808b89ee242cc025aa57fa46011403b9a32d2d8ea9c1310d69e301fa5546855f42f4603ed42
SSDEEP

1536:5Jwsdbdj96ygrbZpcbSe4dhsFURR9XDlh43GcYoWsu4geAAGidwMUHp1fwcSRNhC:nwsRdmfQnsG6fDg3GcYoWsu+A3u9S1II

Score

1^/10

Suspicious use of WriteProcessMemory 7 IoCs

description	pid	Process	procid_target
PID 1520 wrote to memory of 1904	1520	rundll32.exe	27
PID 1520 wrote to memory of 1904	1520	rundll32.exe	27
PID 1520 wrote to memory of 1904	1520	rundll32.exe	27
PID 1520 wrote to memory of 1904	1520	rundll32.exe	27
PID 1520 wrote to memory of 1904	1520	rundll32.exe	27
PID 1520 wrote to memory of 1904	1520	rundll32.exe	27
PID 1520 wrote to memory of 1904	1520	rundll32.exe	27

C:\Windows\system32\rundll32.exe
rundll32.exe C:\Users\Admin\AppData\Local\Temp\3a2121edc2e75eb15631ae18ba2637073176f10668ee9780bc2ca30bdcab9374.dll,#1
1⤵
- Suspicious use of WriteProcessMemory
PID:1520
- C:\Windows\SysWOW64\rundll32.exe
  rundll32.exe C:\Users\Admin\AppData\Local\Temp\3a2121edc2e75eb15631ae18ba2637073176f10668ee9780bc2ca30bdcab9374.dll,#1
  2⤵
  PID:1904

memory/1904-55-0x0000000075ED1000-0x0000000075ED3000-memory.dmp

Filesize
8KB

Download
memory/1904-56-0x0000000010000000-0x0000000010023000-memory.dmp

Filesize
140KB

Download
memory/1904-57-0x00000000001B0000-0x00000000001C2000-memory.dmp

Filesize
72KB

Download