dcf3a9f5870f41e132a76683d7ac8212ea7830e916488f99b6b7d768af5331c1

Analysis

max time kernel
44s
max time network
48s
platform
windows7_x64
resource
win7-20220901-en
resource tags

arch:x64arch:x86image:win7-20220901-enlocale:en-usos:windows7-x64system
submitted
19-10-2022 04:20

Target

dcf3a9f5870f41e132a76683d7ac8212ea7830e916488f99b6b7d768af5331c1.dll
Size

856KB
MD5

2731f7363f3fab2cabd0c45a461eb9e9
SHA1

e05d080668af4767b453e7c2d9ff29f1afd595bc
SHA256

dcf3a9f5870f41e132a76683d7ac8212ea7830e916488f99b6b7d768af5331c1
SHA512

f731b9aa3759b8c92c92a9225f56b307e8e76709e7be48276f84eca0ae2286b18e2d50a487bcf60db64f4802ecb0c12a0996433ea133a014efa58a684be24e43
SSDEEP

24576:qDMg1ejvXydkJaf8YOtmnP3gkd0W4vOa:EMPjvCKafnPPrrKO

Score

1^/10

Suspicious use of WriteProcessMemory 7 IoCs

description	pid	Process	procid_target
PID 1348 wrote to memory of 844	1348	rundll32.exe	27
PID 1348 wrote to memory of 844	1348	rundll32.exe	27
PID 1348 wrote to memory of 844	1348	rundll32.exe	27
PID 1348 wrote to memory of 844	1348	rundll32.exe	27
PID 1348 wrote to memory of 844	1348	rundll32.exe	27
PID 1348 wrote to memory of 844	1348	rundll32.exe	27
PID 1348 wrote to memory of 844	1348	rundll32.exe	27

C:\Windows\system32\rundll32.exe
rundll32.exe C:\Users\Admin\AppData\Local\Temp\dcf3a9f5870f41e132a76683d7ac8212ea7830e916488f99b6b7d768af5331c1.dll,#1
1⤵
- Suspicious use of WriteProcessMemory
PID:1348
- C:\Windows\SysWOW64\rundll32.exe
  rundll32.exe C:\Users\Admin\AppData\Local\Temp\dcf3a9f5870f41e132a76683d7ac8212ea7830e916488f99b6b7d768af5331c1.dll,#1
  2⤵
  PID:844

memory/844-54-0x0000000000000000-mapping.dmp

Download
memory/844-55-0x0000000075601000-0x0000000075603000-memory.dmp

Filesize
8KB

Download
memory/844-56-0x0000000000900000-0x0000000000A84000-memory.dmp

Filesize
1.5MB

Download
memory/844-57-0x0000000000170000-0x0000000000173000-memory.dmp

Filesize
12KB

Download