254345aac1382b5373bb9ca6cac32b27b0c713a43d0339e418c545976efd36eb

Analysis

max time kernel
42s
max time network
46s
platform
windows7_x64
resource
win7-20220812-en
resource tags

arch:x64arch:x86image:win7-20220812-enlocale:en-usos:windows7-x64system
submitted
19-10-2022 23:20

Target

254345aac1382b5373bb9ca6cac32b27b0c713a43d0339e418c545976efd36eb.dll
Size

112KB
MD5

9235657b4148a29835a239d884b513a0
SHA1

054d37f6a1c296a64b3ccf018649ad10b5812165
SHA256

254345aac1382b5373bb9ca6cac32b27b0c713a43d0339e418c545976efd36eb
SHA512

8b825390eda7e665c95c586fa9e4e5322b2dcc6a8e7d6002ecb3e620889a37fce69f55b31a8824b44afccc80247407ed36de49e356e8ff3418a2c388cf4a363c
SSDEEP

1536:v1GCMd8I3gAVFg61XIqDOFj68drHAUTnrDlLXOb7RskcyjZhFgibpE/SmVGIAfD8:tGRddVkq46WrHXdOikJDgilwAIbTV

Score

1^/10

Suspicious use of WriteProcessMemory 7 IoCs

description	pid	Process	procid_target
PID 1884 wrote to memory of 1168	1884	rundll32.exe	27
PID 1884 wrote to memory of 1168	1884	rundll32.exe	27
PID 1884 wrote to memory of 1168	1884	rundll32.exe	27
PID 1884 wrote to memory of 1168	1884	rundll32.exe	27
PID 1884 wrote to memory of 1168	1884	rundll32.exe	27
PID 1884 wrote to memory of 1168	1884	rundll32.exe	27
PID 1884 wrote to memory of 1168	1884	rundll32.exe	27

C:\Windows\system32\rundll32.exe
rundll32.exe C:\Users\Admin\AppData\Local\Temp\254345aac1382b5373bb9ca6cac32b27b0c713a43d0339e418c545976efd36eb.dll,#1
1⤵
- Suspicious use of WriteProcessMemory
PID:1884
- C:\Windows\SysWOW64\rundll32.exe
  rundll32.exe C:\Users\Admin\AppData\Local\Temp\254345aac1382b5373bb9ca6cac32b27b0c713a43d0339e418c545976efd36eb.dll,#1
  2⤵
  PID:1168

memory/1168-54-0x0000000000000000-mapping.dmp

Download
memory/1168-55-0x0000000075571000-0x0000000075573000-memory.dmp

Filesize
8KB

Download
memory/1168-56-0x0000000010000000-0x0000000010025000-memory.dmp

Filesize
148KB

Download
memory/1168-57-0x00000000001C0000-0x00000000001CB000-memory.dmp

Filesize
44KB

Download
memory/1168-61-0x0000000010000000-0x0000000010025000-memory.dmp

Filesize
148KB

Download