f338b57d36a1ebbcba7f54d55bc905f29d134dbc57eb9b665f653a33a204e374

Analysis

max time kernel
41s
max time network
44s
platform
windows7_x64
resource
win7-20220812-en
resource tags

arch:x64arch:x86image:win7-20220812-enlocale:en-usos:windows7-x64system
submitted
10-10-2022 21:29

Target

f338b57d36a1ebbcba7f54d55bc905f29d134dbc57eb9b665f653a33a204e374.dll
Size

188KB
MD5

7b16a0eb6d5dca588be28da79a8f1ebf
SHA1

688697207183fa8b0dbb49278a800d9aa160fa86
SHA256

f338b57d36a1ebbcba7f54d55bc905f29d134dbc57eb9b665f653a33a204e374
SHA512

ec499ee9b979d61264572caf4c406c6a418b1b912779c340a4976a13d6c5b53e94c05451df09427503c8ba8902f405cb3911a9a2c4aa76752387730b3c9299fb
SSDEEP

3072:R6354wgB6eBqy4EZFE+3dHYPN0HO6artMu1i9xTuQhCIpErozPm/lTGX:Rg5zy6uqGFE6dAtMci9xNA/k

Score

1^/10

Suspicious use of WriteProcessMemory 7 IoCs

description	pid	Process	procid_target
PID 1424 wrote to memory of 1852	1424	rundll32.exe	26
PID 1424 wrote to memory of 1852	1424	rundll32.exe	26
PID 1424 wrote to memory of 1852	1424	rundll32.exe	26
PID 1424 wrote to memory of 1852	1424	rundll32.exe	26
PID 1424 wrote to memory of 1852	1424	rundll32.exe	26
PID 1424 wrote to memory of 1852	1424	rundll32.exe	26
PID 1424 wrote to memory of 1852	1424	rundll32.exe	26

C:\Windows\system32\rundll32.exe
rundll32.exe C:\Users\Admin\AppData\Local\Temp\f338b57d36a1ebbcba7f54d55bc905f29d134dbc57eb9b665f653a33a204e374.dll,#1
1⤵
- Suspicious use of WriteProcessMemory
PID:1424
- C:\Windows\SysWOW64\rundll32.exe
  rundll32.exe C:\Users\Admin\AppData\Local\Temp\f338b57d36a1ebbcba7f54d55bc905f29d134dbc57eb9b665f653a33a204e374.dll,#1
  2⤵
  PID:1852

memory/1852-55-0x0000000076151000-0x0000000076153000-memory.dmp

Filesize
8KB

Download