376d6a0f2ac7297b54a4ee61edeeb995aec98be8f966e1b3704b7cf092584c2c

Analysis

max time kernel
32s
max time network
47s
platform
windows7_x64
resource
win7-20220812-en
resource tags

arch:x64arch:x86image:win7-20220812-enlocale:en-usos:windows7-x64system
submitted
11-10-2022 21:13

Target

376d6a0f2ac7297b54a4ee61edeeb995aec98be8f966e1b3704b7cf092584c2c.dll
Size

4KB
MD5

6008d50175f048e8c12038d12d056e90
SHA1

06c8120b6b8f0c2d11be12328b52c2445b882303
SHA256

376d6a0f2ac7297b54a4ee61edeeb995aec98be8f966e1b3704b7cf092584c2c
SHA512

7141a00e35eb4990a13439c3c1e4be9dcc57733b6e7b9cd5820a9514e96668703c89d95db06860e4d52bd971607e25936efc6b0f398b5ed4229db729a750bc75
SSDEEP

48:SKLA9oyTnXz+ihZju2HjLH5kH0kRRnyaCgK5mH:eTnXzvu+a0kRZyas5u

Score

1^/10

Suspicious use of WriteProcessMemory 7 IoCs

description	pid	Process	procid_target
PID 1264 wrote to memory of 1788	1264	rundll32.exe	28
PID 1264 wrote to memory of 1788	1264	rundll32.exe	28
PID 1264 wrote to memory of 1788	1264	rundll32.exe	28
PID 1264 wrote to memory of 1788	1264	rundll32.exe	28
PID 1264 wrote to memory of 1788	1264	rundll32.exe	28
PID 1264 wrote to memory of 1788	1264	rundll32.exe	28
PID 1264 wrote to memory of 1788	1264	rundll32.exe	28

C:\Windows\system32\rundll32.exe
rundll32.exe C:\Users\Admin\AppData\Local\Temp\376d6a0f2ac7297b54a4ee61edeeb995aec98be8f966e1b3704b7cf092584c2c.dll,#1
1⤵
- Suspicious use of WriteProcessMemory
PID:1264
- C:\Windows\SysWOW64\rundll32.exe
  rundll32.exe C:\Users\Admin\AppData\Local\Temp\376d6a0f2ac7297b54a4ee61edeeb995aec98be8f966e1b3704b7cf092584c2c.dll,#1
  2⤵
  PID:1788

memory/1788-54-0x0000000000000000-mapping.dmp

Download
memory/1788-55-0x0000000076711000-0x0000000076713000-memory.dmp

Filesize
8KB

Download