13e83d941a878f1929f0c0e951c4282d9de52ab3ac298f552b2ca3cb524b33b5

Analysis

max time kernel
45s
max time network
50s
platform
windows7_x64
resource
win7-20220901-en
resource tags

arch:x64arch:x86image:win7-20220901-enlocale:en-usos:windows7-x64system
submitted
03-10-2022 10:58

Target

13e83d941a878f1929f0c0e951c4282d9de52ab3ac298f552b2ca3cb524b33b5.dll
Size

63KB
MD5

4d8761bcb1a033427fa940661524066e
SHA1

95678d28f3518a224a6e293e2346585aaacac175
SHA256

13e83d941a878f1929f0c0e951c4282d9de52ab3ac298f552b2ca3cb524b33b5
SHA512

3af12c0a7de4552a7d971998f7e5f3b64c44cf3286f06206be5189b468727ef1a672ff392d53091a52878913195dad2b5569da17c0ea0115b4b333a744ffcc0b
SSDEEP

1536:RVFvN9VPsC/kM2ECrpxSyoRLTZzwpithiD181Y:TBN9ZfkMYrtGTEeHY

Score

1^/10

Suspicious use of WriteProcessMemory 7 IoCs

description	pid	Process	procid_target
PID 1456 wrote to memory of 1524	1456	rundll32.exe	26
PID 1456 wrote to memory of 1524	1456	rundll32.exe	26
PID 1456 wrote to memory of 1524	1456	rundll32.exe	26
PID 1456 wrote to memory of 1524	1456	rundll32.exe	26
PID 1456 wrote to memory of 1524	1456	rundll32.exe	26
PID 1456 wrote to memory of 1524	1456	rundll32.exe	26
PID 1456 wrote to memory of 1524	1456	rundll32.exe	26

C:\Windows\system32\rundll32.exe
rundll32.exe C:\Users\Admin\AppData\Local\Temp\13e83d941a878f1929f0c0e951c4282d9de52ab3ac298f552b2ca3cb524b33b5.dll,#1
1⤵
- Suspicious use of WriteProcessMemory
PID:1456
- C:\Windows\SysWOW64\rundll32.exe
  rundll32.exe C:\Users\Admin\AppData\Local\Temp\13e83d941a878f1929f0c0e951c4282d9de52ab3ac298f552b2ca3cb524b33b5.dll,#1
  2⤵
  PID:1524

memory/1524-54-0x0000000000000000-mapping.dmp

Download
memory/1524-55-0x0000000075B51000-0x0000000075B53000-memory.dmp

Filesize
8KB

Download