c2fa5b03c05c734bae3bcab2015978f5b9db9b4c0f4c1997e29fad0a6bb0ab4b

Analysis

max time kernel
43s
max time network
49s
platform
windows7_x64
resource
win7-20220901-en
resource tags

arch:x64arch:x86image:win7-20220901-enlocale:en-usos:windows7-x64system
submitted
03-10-2022 11:01

Target

c2fa5b03c05c734bae3bcab2015978f5b9db9b4c0f4c1997e29fad0a6bb0ab4b.dll
Size

61KB
MD5

69e44ff57a2eee26f24c2f8e337b5f80
SHA1

d42f2251e9809363e8bed98a7b47dd7c2eda9d17
SHA256

c2fa5b03c05c734bae3bcab2015978f5b9db9b4c0f4c1997e29fad0a6bb0ab4b
SHA512

f1ae488350204ed9705a12ea2a0037e5771ea22cd6300235651f31bd40f2cf12d4e3849019867e074094948c05f9da6888125b731375274ee6aa8da94c483602
SSDEEP

1536:LszMRUyslJCWQk7QCGGgU7X6vyljRfrqKU2NWS:L6PnCbCDuaNRfrLU83

Score

1^/10

Suspicious use of WriteProcessMemory 7 IoCs

description	pid	Process	procid_target
PID 1348 wrote to memory of 844	1348	rundll32.exe	27
PID 1348 wrote to memory of 844	1348	rundll32.exe	27
PID 1348 wrote to memory of 844	1348	rundll32.exe	27
PID 1348 wrote to memory of 844	1348	rundll32.exe	27
PID 1348 wrote to memory of 844	1348	rundll32.exe	27
PID 1348 wrote to memory of 844	1348	rundll32.exe	27
PID 1348 wrote to memory of 844	1348	rundll32.exe	27

C:\Windows\system32\rundll32.exe
rundll32.exe C:\Users\Admin\AppData\Local\Temp\c2fa5b03c05c734bae3bcab2015978f5b9db9b4c0f4c1997e29fad0a6bb0ab4b.dll,#1
1⤵
- Suspicious use of WriteProcessMemory
PID:1348
- C:\Windows\SysWOW64\rundll32.exe
  rundll32.exe C:\Users\Admin\AppData\Local\Temp\c2fa5b03c05c734bae3bcab2015978f5b9db9b4c0f4c1997e29fad0a6bb0ab4b.dll,#1
  2⤵
  PID:844

memory/844-54-0x0000000000000000-mapping.dmp

Download
memory/844-55-0x0000000075601000-0x0000000075603000-memory.dmp

Filesize
8KB

Download