3ffaca620a820a5b40cf35bb0fae3cb2cf20bac61b405d9f82995a74dc4b16d5

Analysis

max time kernel
43s
max time network
45s
platform
windows7_x64
resource
win7-20220812-en
resource tags

arch:x64arch:x86image:win7-20220812-enlocale:en-usos:windows7-x64system
submitted
05-10-2022 19:56

Target

3ffaca620a820a5b40cf35bb0fae3cb2cf20bac61b405d9f82995a74dc4b16d5.dll
Size

249KB
MD5

135ae58d4307dc26b12cbdbb6f361587
SHA1

822ff3a69a2405ce3a588157f842edd95443e88a
SHA256

3ffaca620a820a5b40cf35bb0fae3cb2cf20bac61b405d9f82995a74dc4b16d5
SHA512

2f06e55f43637e94b190f12eb356f3de51aa6b0a19926cd641b3ef8220f86070c16ad25e4e4da9c6a476537d7436aa0283a089f358309cc477beba294ab351a9
SSDEEP

6144:yuazI9O+uHlQkhHgzJEM4qB2SORqxse63TiSkX:6gcFQGieq85RqxOOZX

Score

1^/10

Suspicious use of WriteProcessMemory 7 IoCs

description	pid	Process	procid_target
PID 1500 wrote to memory of 1844	1500	rundll32.exe	27
PID 1500 wrote to memory of 1844	1500	rundll32.exe	27
PID 1500 wrote to memory of 1844	1500	rundll32.exe	27
PID 1500 wrote to memory of 1844	1500	rundll32.exe	27
PID 1500 wrote to memory of 1844	1500	rundll32.exe	27
PID 1500 wrote to memory of 1844	1500	rundll32.exe	27
PID 1500 wrote to memory of 1844	1500	rundll32.exe	27

C:\Windows\system32\rundll32.exe
rundll32.exe C:\Users\Admin\AppData\Local\Temp\3ffaca620a820a5b40cf35bb0fae3cb2cf20bac61b405d9f82995a74dc4b16d5.dll,#1
1⤵
- Suspicious use of WriteProcessMemory
PID:1500
- C:\Windows\SysWOW64\rundll32.exe
  rundll32.exe C:\Users\Admin\AppData\Local\Temp\3ffaca620a820a5b40cf35bb0fae3cb2cf20bac61b405d9f82995a74dc4b16d5.dll,#1
  2⤵
  PID:1844

memory/1844-54-0x0000000000000000-mapping.dmp

Download
memory/1844-55-0x0000000075B41000-0x0000000075B43000-memory.dmp

Filesize
8KB

Download
memory/1844-56-0x0000000010000000-0x00000000100CB000-memory.dmp

Filesize
812KB

Download