f3d367fe94934f30bd0b7b3e8662c95603e62390548db76cd68c1eee370372ee

Analysis

max time kernel
29s
max time network
48s
platform
windows7_x64
resource
win7-20220812-en
resource tags

arch:x64arch:x86image:win7-20220812-enlocale:en-usos:windows7-x64system
submitted
11-10-2022 10:00

Target

f3d367fe94934f30bd0b7b3e8662c95603e62390548db76cd68c1eee370372ee.dll
Size

6KB
MD5

6c6333b20794644eae09ffd0431efc0e
SHA1

36512e83c10c637f9ae2c32050dd24e2dbb40899
SHA256

f3d367fe94934f30bd0b7b3e8662c95603e62390548db76cd68c1eee370372ee
SHA512

60f5aa6ea8a36e2e236cb31cdb5d6560b37d60bff987dda128f6529bc6022c7565aaaecfef3647bc0f2da7d88a2b4a21804044aa212f8a022740181aac13152d
SSDEEP

96:PIV9yIjhsZrg0j6I/AhWNirHWrIlEuiuCPGzxXi9xSJdb:PyIIjWXGhqsWxuibmyaJ

Score

1^/10

Suspicious use of WriteProcessMemory 7 IoCs

description	pid	Process	procid_target
PID 1072 wrote to memory of 304	1072	rundll32.exe	27
PID 1072 wrote to memory of 304	1072	rundll32.exe	27
PID 1072 wrote to memory of 304	1072	rundll32.exe	27
PID 1072 wrote to memory of 304	1072	rundll32.exe	27
PID 1072 wrote to memory of 304	1072	rundll32.exe	27
PID 1072 wrote to memory of 304	1072	rundll32.exe	27
PID 1072 wrote to memory of 304	1072	rundll32.exe	27

C:\Windows\system32\rundll32.exe
rundll32.exe C:\Users\Admin\AppData\Local\Temp\f3d367fe94934f30bd0b7b3e8662c95603e62390548db76cd68c1eee370372ee.dll,#1
1⤵
- Suspicious use of WriteProcessMemory
PID:1072
- C:\Windows\SysWOW64\rundll32.exe
  rundll32.exe C:\Users\Admin\AppData\Local\Temp\f3d367fe94934f30bd0b7b3e8662c95603e62390548db76cd68c1eee370372ee.dll,#1
  2⤵
  PID:304

memory/304-54-0x0000000000000000-mapping.dmp

Download
memory/304-55-0x0000000074C91000-0x0000000074C93000-memory.dmp

Filesize
8KB

Download