225b1a303f6be3652c69b392694ea8807ac0b6f2d163115b03419375f7c53262

Analysis

max time kernel
40s
max time network
46s
platform
windows7_x64
resource
win7-20220812-en
resource tags

arch:x64arch:x86image:win7-20220812-enlocale:en-usos:windows7-x64system
submitted
21-10-2022 00:45

Target

225b1a303f6be3652c69b392694ea8807ac0b6f2d163115b03419375f7c53262.dll
Size

45KB
MD5

449493cffff5c7030482705f0791a3c0
SHA1

3e8979d32ce78d3835ea027183437a8a58a480da
SHA256

225b1a303f6be3652c69b392694ea8807ac0b6f2d163115b03419375f7c53262
SHA512

85e084d2f1d1d0c20eceeb6e13d5167ed6d1de1c314e0c563b3704644a39817be8e53d17d2f27c773fc837d05d12ac471ad3aeab6782bf53ab320d34166bb572
SSDEEP

768:a/hIgYlFAuCmH980j55rFexEbd4npPJHnMGg3x:a/hIb8mWy555kMGnpPJnMGKx

Score

1^/10

Suspicious use of WriteProcessMemory 7 IoCs

description	pid	Process	procid_target
PID 1116 wrote to memory of 1912	1116	rundll32.exe	28
PID 1116 wrote to memory of 1912	1116	rundll32.exe	28
PID 1116 wrote to memory of 1912	1116	rundll32.exe	28
PID 1116 wrote to memory of 1912	1116	rundll32.exe	28
PID 1116 wrote to memory of 1912	1116	rundll32.exe	28
PID 1116 wrote to memory of 1912	1116	rundll32.exe	28
PID 1116 wrote to memory of 1912	1116	rundll32.exe	28

C:\Windows\system32\rundll32.exe
rundll32.exe C:\Users\Admin\AppData\Local\Temp\225b1a303f6be3652c69b392694ea8807ac0b6f2d163115b03419375f7c53262.dll,#1
1⤵
- Suspicious use of WriteProcessMemory
PID:1116
- C:\Windows\SysWOW64\rundll32.exe
  rundll32.exe C:\Users\Admin\AppData\Local\Temp\225b1a303f6be3652c69b392694ea8807ac0b6f2d163115b03419375f7c53262.dll,#1
  2⤵
  PID:1912

memory/1912-54-0x0000000000000000-mapping.dmp

Download
memory/1912-55-0x0000000076031000-0x0000000076033000-memory.dmp

Filesize
8KB

Download