77dd7fe565e9a39d74246ceabfda082c8180ce7b5d226a6ce4d84e17a6e2dd37

Analysis

max time kernel
42s
max time network
46s
platform
windows7_x64
resource
win7-20220812-en
resource tags

arch:x64arch:x86image:win7-20220812-enlocale:en-usos:windows7-x64system
submitted
20-10-2022 03:26

Target

77dd7fe565e9a39d74246ceabfda082c8180ce7b5d226a6ce4d84e17a6e2dd37.dll
Size

228KB
MD5

4ced12694fc42057d89215ba69e0a3e7
SHA1

9ec177b94a6f9075bdc092ba779ec996ea2ddcfe
SHA256

77dd7fe565e9a39d74246ceabfda082c8180ce7b5d226a6ce4d84e17a6e2dd37
SHA512

ab199034728cbcbe8121fb0e0aedc7dcde7cdb8dac3c922819fc488d06bf676e3ec7d41265df83d92be75e260816967d5d0567f3b9c0f96196581b57885bd006
SSDEEP

3072:t5SZHI9O8JxvlkOgWKEHgzbVOPHxMcHApMPtwtO4y:48O8blkOgWJsOecEMlT

Score

1^/10

Suspicious use of WriteProcessMemory 7 IoCs

description	pid	Process	procid_target
PID 532 wrote to memory of 1612	532	rundll32.exe	27
PID 532 wrote to memory of 1612	532	rundll32.exe	27
PID 532 wrote to memory of 1612	532	rundll32.exe	27
PID 532 wrote to memory of 1612	532	rundll32.exe	27
PID 532 wrote to memory of 1612	532	rundll32.exe	27
PID 532 wrote to memory of 1612	532	rundll32.exe	27
PID 532 wrote to memory of 1612	532	rundll32.exe	27

C:\Windows\system32\rundll32.exe
rundll32.exe C:\Users\Admin\AppData\Local\Temp\77dd7fe565e9a39d74246ceabfda082c8180ce7b5d226a6ce4d84e17a6e2dd37.dll,#1
1⤵
- Suspicious use of WriteProcessMemory
PID:532
- C:\Windows\SysWOW64\rundll32.exe
  rundll32.exe C:\Users\Admin\AppData\Local\Temp\77dd7fe565e9a39d74246ceabfda082c8180ce7b5d226a6ce4d84e17a6e2dd37.dll,#1
  2⤵
  PID:1612

memory/1612-54-0x0000000000000000-mapping.dmp

Download
memory/1612-55-0x0000000075091000-0x0000000075093000-memory.dmp

Filesize
8KB

Download
memory/1612-56-0x0000000010000000-0x0000000010039000-memory.dmp

Filesize
228KB

Download