3b6a03104a74422ce9cf39f97847b103d140842aed0d90b86988afb4205b876d

Analysis

max time kernel
41s
max time network
46s
platform
windows7_x64
resource
win7-20220812-en
resource tags

arch:x64arch:x86image:win7-20220812-enlocale:en-usos:windows7-x64system
submitted
11/10/2022, 04:19

Target

3b6a03104a74422ce9cf39f97847b103d140842aed0d90b86988afb4205b876d.dll
Size

73KB
MD5

54be8a82f7398d7d80e256e0bf8576e4
SHA1

d780a83a282f4742f90bcfe9119d3fb8c64fc790
SHA256

3b6a03104a74422ce9cf39f97847b103d140842aed0d90b86988afb4205b876d
SHA512

fa5769541ed986bba8ef05c5b021443ca43754caea3fb3a499f9af675f3ec96a1ef8c2e1f690cf82d6450081bb9d71fb068e5c56ceadb9e181cd527eff5673db
SSDEEP

1536:Iykzkagrwe8Sh4+jVYAILWUsILri5f+BBArg:IFzkaiF80VaAf8LSf+Bmrg

Score

1^/10

Suspicious use of WriteProcessMemory 7 IoCs

description	pid	Process	procid_target
PID 2036 wrote to memory of 1904	2036	rundll32.exe	27
PID 2036 wrote to memory of 1904	2036	rundll32.exe	27
PID 2036 wrote to memory of 1904	2036	rundll32.exe	27
PID 2036 wrote to memory of 1904	2036	rundll32.exe	27
PID 2036 wrote to memory of 1904	2036	rundll32.exe	27
PID 2036 wrote to memory of 1904	2036	rundll32.exe	27
PID 2036 wrote to memory of 1904	2036	rundll32.exe	27

C:\Windows\system32\rundll32.exe
rundll32.exe C:\Users\Admin\AppData\Local\Temp\3b6a03104a74422ce9cf39f97847b103d140842aed0d90b86988afb4205b876d.dll,#1
1⤵
- Suspicious use of WriteProcessMemory
PID:2036
- C:\Windows\SysWOW64\rundll32.exe
  rundll32.exe C:\Users\Admin\AppData\Local\Temp\3b6a03104a74422ce9cf39f97847b103d140842aed0d90b86988afb4205b876d.dll,#1
  2⤵
  PID:1904

memory/1904-55-0x00000000762D1000-0x00000000762D3000-memory.dmp

Filesize
8KB

Download
memory/1904-56-0x0000000010000000-0x000000001000F000-memory.dmp

Filesize
60KB

Download
memory/1904-57-0x0000000010000000-0x000000001000F000-memory.dmp

Filesize
60KB

Download
memory/1904-59-0x0000000010000000-0x000000001000F000-memory.dmp

Filesize
60KB

Download
memory/1904-58-0x0000000010000000-0x000000001000F000-memory.dmp

Filesize
60KB

Download