96c746b4505415a9e08b53e9c77c1f3f466a36ee5dc6b237088cf579acb94ed6

Analysis

max time kernel
6s
max time network
47s
platform
windows7_x64
resource
win7-20220812-en
resource tags

arch:x64arch:x86image:win7-20220812-enlocale:en-usos:windows7-x64system
submitted
19-10-2022 22:12

Target

96c746b4505415a9e08b53e9c77c1f3f466a36ee5dc6b237088cf579acb94ed6.dll
Size

110KB
MD5

9146c417f96ff7e7e917c3440012e690
SHA1

af2d6d4f0e63b4225ecace816f21d523be1480c4
SHA256

96c746b4505415a9e08b53e9c77c1f3f466a36ee5dc6b237088cf579acb94ed6
SHA512

b3f6e7e9ac9bc86044e73889772a8ac46959fdc68ee871361d0fcea858f6214acb5bef6a680f6a82a49cdfeb14030be157eb27c415e28ec693c8728fdead926b
SSDEEP

3072:XreeNYEEd/hgKYAl5pLd8/q3xiTiGokkcycX:zNw/hlLd+esiGnkc5

Score

1^/10

Suspicious use of WriteProcessMemory 7 IoCs

description	pid	Process	procid_target
PID 1800 wrote to memory of 1368	1800	rundll32.exe	27
PID 1800 wrote to memory of 1368	1800	rundll32.exe	27
PID 1800 wrote to memory of 1368	1800	rundll32.exe	27
PID 1800 wrote to memory of 1368	1800	rundll32.exe	27
PID 1800 wrote to memory of 1368	1800	rundll32.exe	27
PID 1800 wrote to memory of 1368	1800	rundll32.exe	27
PID 1800 wrote to memory of 1368	1800	rundll32.exe	27

C:\Windows\system32\rundll32.exe
rundll32.exe C:\Users\Admin\AppData\Local\Temp\96c746b4505415a9e08b53e9c77c1f3f466a36ee5dc6b237088cf579acb94ed6.dll,#1
1⤵
- Suspicious use of WriteProcessMemory
PID:1800
- C:\Windows\SysWOW64\rundll32.exe
  rundll32.exe C:\Users\Admin\AppData\Local\Temp\96c746b4505415a9e08b53e9c77c1f3f466a36ee5dc6b237088cf579acb94ed6.dll,#1
  2⤵
  PID:1368

memory/1368-54-0x0000000000000000-mapping.dmp

Download
memory/1368-55-0x0000000075771000-0x0000000075773000-memory.dmp

Filesize
8KB

Download