f600ddc6591323e363b4dfc6385544d9fc14d32e5ca721810b5d6e14166e6614

Analysis

max time kernel
21s
max time network
48s
platform
windows7_x64
resource
win7-20220812-en
resource tags

arch:x64arch:x86image:win7-20220812-enlocale:en-usos:windows7-x64system
submitted
11-10-2022 05:36

Target

f600ddc6591323e363b4dfc6385544d9fc14d32e5ca721810b5d6e14166e6614.dll
Size

37KB
MD5

65a11ac4ab5a7970e6337131102f3020
SHA1

c1582b8a2d761f10d881029c380832029a6b1c84
SHA256

f600ddc6591323e363b4dfc6385544d9fc14d32e5ca721810b5d6e14166e6614
SHA512

0896a90ac55bd02e92c53cfb7ff30626dc140ad44140b9defd364e73891be68aca619ac13e478ad748b3727c97e5d254a1a5288a9970f470f1475c4a75c40baf
SSDEEP

768:vPs1sAFxdb7/TcClMrejH3LJovZm9vXYYMc/:vPs1Pvdb7ITmlcmhXr

Score

1^/10

Suspicious use of WriteProcessMemory 7 IoCs

description	pid	Process	procid_target
PID 1072 wrote to memory of 304	1072	rundll32.exe	27
PID 1072 wrote to memory of 304	1072	rundll32.exe	27
PID 1072 wrote to memory of 304	1072	rundll32.exe	27
PID 1072 wrote to memory of 304	1072	rundll32.exe	27
PID 1072 wrote to memory of 304	1072	rundll32.exe	27
PID 1072 wrote to memory of 304	1072	rundll32.exe	27
PID 1072 wrote to memory of 304	1072	rundll32.exe	27

C:\Windows\system32\rundll32.exe
rundll32.exe C:\Users\Admin\AppData\Local\Temp\f600ddc6591323e363b4dfc6385544d9fc14d32e5ca721810b5d6e14166e6614.dll,#1
1⤵
- Suspicious use of WriteProcessMemory
PID:1072
- C:\Windows\SysWOW64\rundll32.exe
  rundll32.exe C:\Users\Admin\AppData\Local\Temp\f600ddc6591323e363b4dfc6385544d9fc14d32e5ca721810b5d6e14166e6614.dll,#1
  2⤵
  PID:304

memory/304-54-0x0000000000000000-mapping.dmp

Download
memory/304-55-0x0000000074C91000-0x0000000074C93000-memory.dmp

Filesize
8KB

Download