8fd450190d19193e12ba162cd68a44b4e123e457e3130148c4f0a0e1668c2dad

Analysis

max time kernel
44s
max time network
50s
platform
windows7_x64
resource
win7-20220901-en
resource tags

arch:x64arch:x86image:win7-20220901-enlocale:en-usos:windows7-x64system
submitted
25-09-2022 13:44

Target

8fd450190d19193e12ba162cd68a44b4e123e457e3130148c4f0a0e1668c2dad.dll
Size

169KB
MD5

c4e8f8de0ff0144dc794f122bf09c880
SHA1

c3f23cec743eb8fefd27ea688d8e7076c3487b26
SHA256

8fd450190d19193e12ba162cd68a44b4e123e457e3130148c4f0a0e1668c2dad
SHA512

b9b11067be67f1cb195cac637006010c7ed34f8b93840ad9a4c3dac63bed016fef0ef7daeba51eb65aadbb4b8ec8216fdda138cffab28111daecda44f4e8b685
SSDEEP

3072:Sg/NN3lW5LBHtnUB7xZaBM36hrBafDG3KIbbQ7bB0GsNkioQOL0gNv:5NN4Zy7xoO3UrstI6bqGTiovp

Score

1^/10

Suspicious use of WriteProcessMemory 7 IoCs

description	pid	Process	procid_target
PID 1276 wrote to memory of 620	1276	rundll32.exe	27
PID 1276 wrote to memory of 620	1276	rundll32.exe	27
PID 1276 wrote to memory of 620	1276	rundll32.exe	27
PID 1276 wrote to memory of 620	1276	rundll32.exe	27
PID 1276 wrote to memory of 620	1276	rundll32.exe	27
PID 1276 wrote to memory of 620	1276	rundll32.exe	27
PID 1276 wrote to memory of 620	1276	rundll32.exe	27

C:\Windows\system32\rundll32.exe
rundll32.exe C:\Users\Admin\AppData\Local\Temp\8fd450190d19193e12ba162cd68a44b4e123e457e3130148c4f0a0e1668c2dad.dll,#1
1⤵
- Suspicious use of WriteProcessMemory
PID:1276
- C:\Windows\SysWOW64\rundll32.exe
  rundll32.exe C:\Users\Admin\AppData\Local\Temp\8fd450190d19193e12ba162cd68a44b4e123e457e3130148c4f0a0e1668c2dad.dll,#1
  2⤵
  PID:620

memory/620-54-0x0000000000000000-mapping.dmp

Download
memory/620-55-0x00000000758B1000-0x00000000758B3000-memory.dmp

Filesize
8KB

Download