c556cb974ccb6b9ffa4d9f308dec8382c2555f36ffe9e21d53eabd88e39d03fd

Analysis

max time kernel
152s
max time network
168s
platform
windows7_x64
resource
win7-20220812-en
resource tags

arch:x64arch:x86image:win7-20220812-enlocale:en-usos:windows7-x64system
submitted
03-10-2022 13:36

Target

c556cb974ccb6b9ffa4d9f308dec8382c2555f36ffe9e21d53eabd88e39d03fd.dll
Size

141KB
MD5

467f7879f3399451d38ef84b4a67a28c
SHA1

36cf46fdf5111ea191edbdc91fc3f83f15031c36
SHA256

c556cb974ccb6b9ffa4d9f308dec8382c2555f36ffe9e21d53eabd88e39d03fd
SHA512

d4853bf76a522c373a81886476c9fb78ba328410358e15eddf9c1ba521e0da3014fd464470fcd425b1e2be44bb5002b81f95a01fc8eb79344c94b8058340190e
SSDEEP

3072:S1kMaSlYoyqHF6NQUqpkmcGDO6AqEnWWakfP4wDPd3/vD+QleKt2G:S1dnxriRG2qEWWahwDPd3/NlcG

Score

1^/10

Suspicious use of WriteProcessMemory 7 IoCs

description	pid	Process	procid_target
PID 1072 wrote to memory of 304	1072	rundll32.exe	27
PID 1072 wrote to memory of 304	1072	rundll32.exe	27
PID 1072 wrote to memory of 304	1072	rundll32.exe	27
PID 1072 wrote to memory of 304	1072	rundll32.exe	27
PID 1072 wrote to memory of 304	1072	rundll32.exe	27
PID 1072 wrote to memory of 304	1072	rundll32.exe	27
PID 1072 wrote to memory of 304	1072	rundll32.exe	27

C:\Windows\system32\rundll32.exe
rundll32.exe C:\Users\Admin\AppData\Local\Temp\c556cb974ccb6b9ffa4d9f308dec8382c2555f36ffe9e21d53eabd88e39d03fd.dll,#1
1⤵
- Suspicious use of WriteProcessMemory
PID:1072
- C:\Windows\SysWOW64\rundll32.exe
  rundll32.exe C:\Users\Admin\AppData\Local\Temp\c556cb974ccb6b9ffa4d9f308dec8382c2555f36ffe9e21d53eabd88e39d03fd.dll,#1
  2⤵
  PID:304

memory/304-55-0x0000000074C91000-0x0000000074C93000-memory.dmp

Filesize
8KB

Download
memory/304-56-0x0000000000170000-0x0000000000181000-memory.dmp

Filesize
68KB

Download
memory/304-57-0x0000000000200000-0x0000000000225000-memory.dmp

Filesize
148KB

Download
memory/304-61-0x0000000000170000-0x0000000000181000-memory.dmp

Filesize
68KB

Download