3d4de0cf80815e9bcdcc0eda26a2f94bd60b3a0e3520cf0d706edcee32d93b37

Analysis

max time kernel
38s
max time network
44s
platform
windows7_x64
resource
win7-20220812-en
resource tags

arch:x64arch:x86image:win7-20220812-enlocale:en-usos:windows7-x64system
submitted
02-10-2022 07:26

Target

3d4de0cf80815e9bcdcc0eda26a2f94bd60b3a0e3520cf0d706edcee32d93b37.dll
Size

275KB
MD5

714e0721078faea52c774e73a64c6c59
SHA1

56788eb8146404d05bdfb3f965a19a5715fdafb8
SHA256

3d4de0cf80815e9bcdcc0eda26a2f94bd60b3a0e3520cf0d706edcee32d93b37
SHA512

3a59cd87877e40f6358aa2c9b506e6e27217812bf400a07d518820422b2c68e3d3dc6bfc6bb0811757bcc19914305ecfd68a9c05eb24adfe6251d065cad88248
SSDEEP

6144:lwjNbH0iRP3iIkktCG8YXXO8/dOogWuF3RMyFqi9akK:ajhHVRfiIpZ3FOzXRSiX

Score

1^/10

Suspicious use of WriteProcessMemory 7 IoCs

description	pid	Process	procid_target
PID 1132 wrote to memory of 1172	1132	rundll32.exe	27
PID 1132 wrote to memory of 1172	1132	rundll32.exe	27
PID 1132 wrote to memory of 1172	1132	rundll32.exe	27
PID 1132 wrote to memory of 1172	1132	rundll32.exe	27
PID 1132 wrote to memory of 1172	1132	rundll32.exe	27
PID 1132 wrote to memory of 1172	1132	rundll32.exe	27
PID 1132 wrote to memory of 1172	1132	rundll32.exe	27

C:\Windows\system32\rundll32.exe
rundll32.exe C:\Users\Admin\AppData\Local\Temp\3d4de0cf80815e9bcdcc0eda26a2f94bd60b3a0e3520cf0d706edcee32d93b37.dll,#1
1⤵
- Suspicious use of WriteProcessMemory
PID:1132
- C:\Windows\SysWOW64\rundll32.exe
  rundll32.exe C:\Users\Admin\AppData\Local\Temp\3d4de0cf80815e9bcdcc0eda26a2f94bd60b3a0e3520cf0d706edcee32d93b37.dll,#1
  2⤵
  PID:1172

memory/1172-54-0x0000000000000000-mapping.dmp

Download
memory/1172-55-0x0000000075561000-0x0000000075563000-memory.dmp

Filesize
8KB

Download
memory/1172-57-0x0000000073761000-0x000000007379F000-memory.dmp

Filesize
248KB

Download
memory/1172-56-0x0000000073760000-0x00000000737AC000-memory.dmp

Filesize
304KB

Download