21d3872039f70e9391126e70da8b9cf85c22c8a71e878c906983ecb321bfc7b9

Analysis

max time kernel
39s
max time network
47s
platform
windows7_x64
resource
win7-20220812-en
resource tags

arch:x64arch:x86image:win7-20220812-enlocale:en-usos:windows7-x64system
submitted
03-10-2022 07:05

Target

21d3872039f70e9391126e70da8b9cf85c22c8a71e878c906983ecb321bfc7b9.dll
Size

359KB
MD5

60c4cb191bd11ccd0bf9de4c84cc6bf5
SHA1

311600d031e660e2f2f947168cafe9586cb83ebb
SHA256

21d3872039f70e9391126e70da8b9cf85c22c8a71e878c906983ecb321bfc7b9
SHA512

de95387330658ddb3dc887563fb1c20ae839974863b2bd276c1382c5791d747fef1106f3af4b2b6c82c1cb8cef2bc4b0ccff7f369ec626f4cf10c8a500ba39b6
SSDEEP

6144:BwM3I4nEYm2WLZz9PGGISkraoIX4NRZLLd/BZpymJZBS+tSfEwv5wyQ:CkI4nJmRz9PGGjkrgoN9Ppymfkn

Score

1^/10

Suspicious use of WriteProcessMemory 7 IoCs

description	pid	Process	procid_target
PID 1380 wrote to memory of 2044	1380	rundll32.exe	27
PID 1380 wrote to memory of 2044	1380	rundll32.exe	27
PID 1380 wrote to memory of 2044	1380	rundll32.exe	27
PID 1380 wrote to memory of 2044	1380	rundll32.exe	27
PID 1380 wrote to memory of 2044	1380	rundll32.exe	27
PID 1380 wrote to memory of 2044	1380	rundll32.exe	27
PID 1380 wrote to memory of 2044	1380	rundll32.exe	27

C:\Windows\system32\rundll32.exe
rundll32.exe C:\Users\Admin\AppData\Local\Temp\21d3872039f70e9391126e70da8b9cf85c22c8a71e878c906983ecb321bfc7b9.dll,#1
1⤵
- Suspicious use of WriteProcessMemory
PID:1380
- C:\Windows\SysWOW64\rundll32.exe
  rundll32.exe C:\Users\Admin\AppData\Local\Temp\21d3872039f70e9391126e70da8b9cf85c22c8a71e878c906983ecb321bfc7b9.dll,#1
  2⤵
  PID:2044

memory/2044-55-0x0000000075ED1000-0x0000000075ED3000-memory.dmp

Filesize
8KB

Download
memory/2044-56-0x0000000073E70000-0x0000000073ECD000-memory.dmp

Filesize
372KB

Download
memory/2044-57-0x0000000073E71000-0x0000000073EC6000-memory.dmp

Filesize
340KB

Download
memory/2044-58-0x0000000073E70000-0x0000000073ECD000-memory.dmp

Filesize
372KB

Download