216213bd503d646d64595243c8996916091bbdb1f8b4aae98a70bcaf34b04d5a

Analysis

max time kernel
43s
max time network
48s
platform
windows7_x64
resource
win7-20220901-en
resource tags

arch:x64arch:x86image:win7-20220901-enlocale:en-usos:windows7-x64system
submitted
21/10/2022, 04:34

Target

216213bd503d646d64595243c8996916091bbdb1f8b4aae98a70bcaf34b04d5a.dll
Size

81KB
MD5

74e8cb40f35c2d41e08d4be11e69ec74
SHA1

b9b50965aa66bfc210d49154c5482501d185b39d
SHA256

216213bd503d646d64595243c8996916091bbdb1f8b4aae98a70bcaf34b04d5a
SHA512

6ea9f46e33bc359c2ad93c9832ae803ab77643676a73dcf35f057ac143f0bf9cbfeb23478d55586b73e83a6edfaf527f43b1ab80de49f3f6dd833b643ac28afd
SSDEEP

1536:PSwlKC19SnIhSmet0w5XBiiaYhyEz2HyQ2TGZyBXWdM91NoS7B2nj2xnJ/Pc:HAM8XBiiakyEz2HEGZyQm9/ocBbnFPc

Score

1^/10

Suspicious use of WriteProcessMemory 7 IoCs

description	pid	Process	procid_target
PID 1672 wrote to memory of 1724	1672	rundll32.exe	27
PID 1672 wrote to memory of 1724	1672	rundll32.exe	27
PID 1672 wrote to memory of 1724	1672	rundll32.exe	27
PID 1672 wrote to memory of 1724	1672	rundll32.exe	27
PID 1672 wrote to memory of 1724	1672	rundll32.exe	27
PID 1672 wrote to memory of 1724	1672	rundll32.exe	27
PID 1672 wrote to memory of 1724	1672	rundll32.exe	27

C:\Windows\system32\rundll32.exe
rundll32.exe C:\Users\Admin\AppData\Local\Temp\216213bd503d646d64595243c8996916091bbdb1f8b4aae98a70bcaf34b04d5a.dll,#1
1⤵
- Suspicious use of WriteProcessMemory
PID:1672
- C:\Windows\SysWOW64\rundll32.exe
  rundll32.exe C:\Users\Admin\AppData\Local\Temp\216213bd503d646d64595243c8996916091bbdb1f8b4aae98a70bcaf34b04d5a.dll,#1
  2⤵
  PID:1724

memory/1724-55-0x0000000075111000-0x0000000075113000-memory.dmp

Filesize
8KB

Download
memory/1724-56-0x0000000010000000-0x0000000010683000-memory.dmp

Filesize
6.5MB

Download
memory/1724-57-0x0000000010000000-0x0000000010683000-memory.dmp

Filesize
6.5MB

Download
memory/1724-58-0x0000000010000000-0x0000000010683000-memory.dmp

Filesize
6.5MB

Download