1480777c361ac1d398cc26c90215de629733f66d60dcbd5970700db0ce786ae1

Resubmissions

27-10-2022 16:05

20-10-2022 21:03

max time kernel
136s
max time network
149s
platform
windows7_x64
resource
win7-20220812-en
resource tags

arch:x64arch:x86image:win7-20220812-enlocale:en-usos:windows7-x64system
submitted
20-10-2022 21:03

Target

1480777c361ac1d398cc26c90215de629733f66d60dcbd5970700db0ce786ae1.dll
Size

973KB
MD5

8c658b9b02814927124351484c42a272
SHA1

85c346b2d6d0306a5bf7f276e82d9984c167e8ea
SHA256

1480777c361ac1d398cc26c90215de629733f66d60dcbd5970700db0ce786ae1
SHA512

28f9fcd72e5beceef4e7442e7bac02c0b5060c71403af34aabb78f4871c28bfdf88f4a50da8988fbbc07429466db6c05dd4f3292cabedf913ccbd532086deba3
SSDEEP

12288:bDDjN50jO7rPxxYnCOWMrZlTf6ahp+3NV6ZZveATYAyvPzXTwnX1cQ47gcckpPWy:/vf3ZKnZDyYxr6AVIY7wOM058ZxM

Score

8^/10

Blocklisted process makes network request 4 IoCs

Processes:

rundll32.exe

flow pid process

2 1536 rundll32.exe
6 1536 rundll32.exe
7 1536 rundll32.exe
8 1536 rundll32.exe

Suspicious use of WriteProcessMemory 15 IoCs

Processes:

rundll32.exerundll32.exe

description	pid	process	target process
PID 1388 wrote to memory of 1536	1388	rundll32.exe	rundll32.exe
PID 1388 wrote to memory of 1536	1388	rundll32.exe	rundll32.exe
PID 1388 wrote to memory of 1536	1388	rundll32.exe	rundll32.exe
PID 1388 wrote to memory of 1536	1388	rundll32.exe	rundll32.exe
PID 1388 wrote to memory of 1536	1388	rundll32.exe	rundll32.exe
PID 1388 wrote to memory of 1536	1388	rundll32.exe	rundll32.exe
PID 1388 wrote to memory of 1536	1388	rundll32.exe	rundll32.exe
PID 1536 wrote to memory of 760	1536	rundll32.exe	cmd.exe
PID 1536 wrote to memory of 760	1536	rundll32.exe	cmd.exe
PID 1536 wrote to memory of 760	1536	rundll32.exe	cmd.exe
PID 1536 wrote to memory of 760	1536	rundll32.exe	cmd.exe
PID 1536 wrote to memory of 1796	1536	rundll32.exe	cmd.exe
PID 1536 wrote to memory of 1796	1536	rundll32.exe	cmd.exe
PID 1536 wrote to memory of 1796	1536	rundll32.exe	cmd.exe
PID 1536 wrote to memory of 1796	1536	rundll32.exe	cmd.exe

C:\Windows\system32\rundll32.exe
rundll32.exe C:\Users\Admin\AppData\Local\Temp\1480777c361ac1d398cc26c90215de629733f66d60dcbd5970700db0ce786ae1.dll,#1
1⤵
- Suspicious use of WriteProcessMemory
PID:1388

C:\Windows\SysWOW64\cmd.exe
cmd /c "echo Commands" >> C:\Users\Admin\AppData\Local\Temp\C5B4.tmp
3⤵
PID:760

C:\Windows\SysWOW64\cmd.exe
cmd /c "dir" >> C:\Users\Admin\AppData\Local\Temp\C5B4.tmp
3⤵
PID:1796

C:\Users\Admin\AppData\Local\Temp\C5B4.tmp
Filesize
3KB

MD5
bfd5066b7a16fe69b18de8253ee3ba9f

SHA1
f25b2f3e34e45f974efb174125d60bd9bebfc836

SHA256
aededac5c125ee5f74342b81232162f717bcdda82249599a19b113dc6a78716a

SHA512
9b763fa5083f9cb8edbabb0b0e0da46cd943ac05820abb413aa723d425b79a5c23454e4e2c8196ca42b872fe7f7e55186841e8e2ae06306ab36bf4d721c75b3c

Download Submit
C:\Users\Admin\AppData\Local\Temp\C5B4.tmp
Filesize
3KB

MD5
bfd5066b7a16fe69b18de8253ee3ba9f

SHA1
f25b2f3e34e45f974efb174125d60bd9bebfc836

SHA256
aededac5c125ee5f74342b81232162f717bcdda82249599a19b113dc6a78716a

SHA512
9b763fa5083f9cb8edbabb0b0e0da46cd943ac05820abb413aa723d425b79a5c23454e4e2c8196ca42b872fe7f7e55186841e8e2ae06306ab36bf4d721c75b3c

Download Submit
memory/760-61-0x0000000000000000-mapping.dmp

Download
memory/1536-54-0x0000000000000000-mapping.dmp

Download
memory/1536-55-0x00000000768A1000-0x00000000768A3000-memory.dmp

Filesize
8KB

Download
memory/1536-56-0x0000000000A70000-0x0000000000B68000-memory.dmp

Filesize
992KB

Download
memory/1536-58-0x00000000001D0000-0x00000000001DF000-memory.dmp

Filesize
60KB

Download
memory/1536-57-0x00000000001D0000-0x00000000001DF000-memory.dmp

Filesize
60KB

Download
memory/1536-59-0x00000000001B0000-0x00000000001BE000-memory.dmp

Filesize
56KB

Download
memory/1536-60-0x00000000001D0000-0x00000000001DF000-memory.dmp

Filesize
60KB

Download
memory/1796-62-0x0000000000000000-mapping.dmp

Download