980e13c6d1c28fdcfccb44595216a4feb66a24bc9c5803e90b4a2a3f699f7405

Analysis

max time kernel
9s
max time network
46s
platform
windows7_x64
resource
win7-20220812-en
resource tags

arch:x64arch:x86image:win7-20220812-enlocale:en-usos:windows7-x64system
submitted
28-10-2022 18:09

Target

980e13c6d1c28fdcfccb44595216a4feb66a24bc9c5803e90b4a2a3f699f7405.dll
Size

52KB
MD5

0dd428d8b6c79abbff93e045e7da709a
SHA1

6169f710535ece9f6916d13e4827c74e9820a726
SHA256

980e13c6d1c28fdcfccb44595216a4feb66a24bc9c5803e90b4a2a3f699f7405
SHA512

c9796baa466f4f2fc555768f8a7bd4d3abfaf4217f55b51cf2a7bf23df89e5cb1059a2a13933ece6121f0b3520d83b8faf2b7572100d55df5d5adebc388a325e
SSDEEP

768:2788TBHR7oOj33NvwSFbyx9GGB8oYMW3Nu:2788TBHldxtbAcLoTW38

Score

1^/10

Suspicious use of WriteProcessMemory 7 IoCs

description	pid	Process	procid_target
PID 1684 wrote to memory of 1884	1684	rundll32.exe	28
PID 1684 wrote to memory of 1884	1684	rundll32.exe	28
PID 1684 wrote to memory of 1884	1684	rundll32.exe	28
PID 1684 wrote to memory of 1884	1684	rundll32.exe	28
PID 1684 wrote to memory of 1884	1684	rundll32.exe	28
PID 1684 wrote to memory of 1884	1684	rundll32.exe	28
PID 1684 wrote to memory of 1884	1684	rundll32.exe	28

C:\Windows\system32\rundll32.exe
rundll32.exe C:\Users\Admin\AppData\Local\Temp\980e13c6d1c28fdcfccb44595216a4feb66a24bc9c5803e90b4a2a3f699f7405.dll,#1
1⤵
- Suspicious use of WriteProcessMemory
PID:1684
- C:\Windows\SysWOW64\rundll32.exe
  rundll32.exe C:\Users\Admin\AppData\Local\Temp\980e13c6d1c28fdcfccb44595216a4feb66a24bc9c5803e90b4a2a3f699f7405.dll,#1
  2⤵
  PID:1884

memory/1884-54-0x0000000000000000-mapping.dmp

Download
memory/1884-55-0x0000000074AB1000-0x0000000074AB3000-memory.dmp

Filesize
8KB

Download