d1b696882ec1c3ef6d612c212b2522c7e311fcd59c4c4dd0df60918fc11bfdd3

Analysis

max time kernel
40s
max time network
44s
platform
windows7_x64
resource
win7-20220812-en
resource tags

arch:x64arch:x86image:win7-20220812-enlocale:en-usos:windows7-x64system
submitted
11/10/2022, 09:14

Target

d1b696882ec1c3ef6d612c212b2522c7e311fcd59c4c4dd0df60918fc11bfdd3.dll
Size

250KB
MD5

6274fb96e251636c73b35fe611b2c5a4
SHA1

a8942b56477d02d5c7c7ca4acd866380b0710285
SHA256

d1b696882ec1c3ef6d612c212b2522c7e311fcd59c4c4dd0df60918fc11bfdd3
SHA512

cec627f4ce3adc05ebfd90d7881a23bca0310101bfc20359934871c626254ad2f427aec6801783c2d8d033df379f0346e68b523e880a92746a7c3f0e7ce712ce
SSDEEP

6144:LTVQ/lw998gWNlPTGQQm6agrdoA782V5L:FQNFNtTirdo0L

Score

1^/10

Suspicious use of WriteProcessMemory 7 IoCs

description	pid	Process	procid_target
PID 2036 wrote to memory of 544	2036	rundll32.exe	26
PID 2036 wrote to memory of 544	2036	rundll32.exe	26
PID 2036 wrote to memory of 544	2036	rundll32.exe	26
PID 2036 wrote to memory of 544	2036	rundll32.exe	26
PID 2036 wrote to memory of 544	2036	rundll32.exe	26
PID 2036 wrote to memory of 544	2036	rundll32.exe	26
PID 2036 wrote to memory of 544	2036	rundll32.exe	26

C:\Windows\system32\rundll32.exe
rundll32.exe C:\Users\Admin\AppData\Local\Temp\d1b696882ec1c3ef6d612c212b2522c7e311fcd59c4c4dd0df60918fc11bfdd3.dll,#1
1⤵
- Suspicious use of WriteProcessMemory
PID:2036
- C:\Windows\SysWOW64\rundll32.exe
  rundll32.exe C:\Users\Admin\AppData\Local\Temp\d1b696882ec1c3ef6d612c212b2522c7e311fcd59c4c4dd0df60918fc11bfdd3.dll,#1
  2⤵
  PID:544

memory/544-55-0x0000000076151000-0x0000000076153000-memory.dmp

Filesize
8KB

Download
memory/544-56-0x0000000000160000-0x0000000000171000-memory.dmp

Filesize
68KB

Download