f0d341eb102ecacf5a16525ba9b5100db53d5953b5b0d10b0ed4011c1496bdf1

Analysis

max time kernel
17s
max time network
47s
platform
windows7_x64
resource
win7-20220812-en
resource tags

arch:x64arch:x86image:win7-20220812-enlocale:en-usos:windows7-x64system
submitted
19-10-2022 21:19

Target

f0d341eb102ecacf5a16525ba9b5100db53d5953b5b0d10b0ed4011c1496bdf1.dll
Size

42KB
MD5

9124a99af50f8b38dcbd9b7afa8a00c0
SHA1

04436535831b310015b6405f7feeda148a1e0067
SHA256

f0d341eb102ecacf5a16525ba9b5100db53d5953b5b0d10b0ed4011c1496bdf1
SHA512

b15945bf484ac6d4d7caad704cbc124842d81f059ba3fdae779bd0ead56336f87e35bfb393298691147e0b9680891278e69ca84cb80e2c1733413f0dbc532278
SSDEEP

768:uH7RSZTAH/P3BvmbAySo9HY2p6v/kplLnc7p/CqeDAbCW0I9Ufke3Lfk5xi3t:uHNSZTEXxu0opn6UfnckqeDAb30Lb3r3

Score

1^/10

Suspicious behavior: EnumeratesProcesses 1 IoCs

pid	Process
304	rundll32.exe

Suspicious use of WriteProcessMemory 7 IoCs

description	pid	Process	procid_target
PID 1072 wrote to memory of 304	1072	rundll32.exe	27
PID 1072 wrote to memory of 304	1072	rundll32.exe	27
PID 1072 wrote to memory of 304	1072	rundll32.exe	27
PID 1072 wrote to memory of 304	1072	rundll32.exe	27
PID 1072 wrote to memory of 304	1072	rundll32.exe	27
PID 1072 wrote to memory of 304	1072	rundll32.exe	27
PID 1072 wrote to memory of 304	1072	rundll32.exe	27

C:\Windows\system32\rundll32.exe
rundll32.exe C:\Users\Admin\AppData\Local\Temp\f0d341eb102ecacf5a16525ba9b5100db53d5953b5b0d10b0ed4011c1496bdf1.dll,#1
1⤵
- Suspicious use of WriteProcessMemory
PID:1072
- C:\Windows\SysWOW64\rundll32.exe
  rundll32.exe C:\Users\Admin\AppData\Local\Temp\f0d341eb102ecacf5a16525ba9b5100db53d5953b5b0d10b0ed4011c1496bdf1.dll,#1
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:304

memory/304-55-0x0000000074C91000-0x0000000074C93000-memory.dmp

Filesize
8KB

Download
memory/304-56-0x00000000006E0000-0x00000000007B3000-memory.dmp

Filesize
844KB

Download