16c2c6e1ec78ff3c57bb0ae2dcbc3b5738538e3f8c58a2fe1ce8ecc4cd1d9416

Analysis

max time kernel
41s
max time network
45s
platform
windows7_x64
resource
win7-20220812-en
resource tags

arch:x64arch:x86image:win7-20220812-enlocale:en-usos:windows7-x64system
submitted
20-10-2022 15:08

Target

16c2c6e1ec78ff3c57bb0ae2dcbc3b5738538e3f8c58a2fe1ce8ecc4cd1d9416.dll
Size

18KB
MD5

a036477056cb2ecc15fecfc1390b5040
SHA1

988a2e1ab238ad0f996779fe8578517eb93b331a
SHA256

16c2c6e1ec78ff3c57bb0ae2dcbc3b5738538e3f8c58a2fe1ce8ecc4cd1d9416
SHA512

cf63541f570ad02bf8f64571e2bea32ca36dd59eae505656ff3497d86caec3b5762899f98a60173423e5adf7bdfe2cc08372a10c844a49c2c1ef9541725943c2
SSDEEP

384:YviTWTbWDHjvHyHeWuthiKz23erGTek2P8j7Yv4daWWmx2WS:Yv+vStrOr+2P8jhK

Score

1^/10

Suspicious use of WriteProcessMemory 7 IoCs

description	pid	Process	procid_target
PID 1948 wrote to memory of 1116	1948	rundll32.exe	28
PID 1948 wrote to memory of 1116	1948	rundll32.exe	28
PID 1948 wrote to memory of 1116	1948	rundll32.exe	28
PID 1948 wrote to memory of 1116	1948	rundll32.exe	28
PID 1948 wrote to memory of 1116	1948	rundll32.exe	28
PID 1948 wrote to memory of 1116	1948	rundll32.exe	28
PID 1948 wrote to memory of 1116	1948	rundll32.exe	28

C:\Windows\system32\rundll32.exe
rundll32.exe C:\Users\Admin\AppData\Local\Temp\16c2c6e1ec78ff3c57bb0ae2dcbc3b5738538e3f8c58a2fe1ce8ecc4cd1d9416.dll,#1
1⤵
- Suspicious use of WriteProcessMemory
PID:1948
- C:\Windows\SysWOW64\rundll32.exe
  rundll32.exe C:\Users\Admin\AppData\Local\Temp\16c2c6e1ec78ff3c57bb0ae2dcbc3b5738538e3f8c58a2fe1ce8ecc4cd1d9416.dll,#1
  2⤵
  PID:1116

memory/1116-54-0x0000000000000000-mapping.dmp

Download
memory/1116-55-0x0000000076031000-0x0000000076033000-memory.dmp

Filesize
8KB

Download
memory/1116-56-0x0000000077BA1000-0x0000000077BA4000-memory.dmp

Filesize
12KB

Download