d337ed6563101e8ec0165e8eac8c55630b9642e53718854344978ec07add35cd

Analysis

max time kernel
39s
max time network
45s
platform
windows7_x64
resource
win7-20220812-en
resource tags

arch:x64arch:x86image:win7-20220812-enlocale:en-usos:windows7-x64system
submitted
29-10-2022 21:56

Target

d337ed6563101e8ec0165e8eac8c55630b9642e53718854344978ec07add35cd.dll
Size

57KB
MD5

840a5c95e496d43ad6d9255245778747
SHA1

220fd02d2bac2aea155c499d904a2d1718f1f733
SHA256

d337ed6563101e8ec0165e8eac8c55630b9642e53718854344978ec07add35cd
SHA512

912bcb34d8e25bbcaafc89aa6f4a48675cf9dccc267dd982ea5cb630a1a52ea37c8fa9fee84be04410f34a63ec38a2e472a1760411e6c9afafbdae68f5e4e08d
SSDEEP

1536:ANIKDP4YU6EMyDcqiZZZNihyISFIR6/JP+3CT:VqP4YU6ErtGNEKIpCT

Score

1^/10

Suspicious use of WriteProcessMemory 7 IoCs

description	pid	Process	procid_target
PID 1688 wrote to memory of 1044	1688	rundll32.exe	27
PID 1688 wrote to memory of 1044	1688	rundll32.exe	27
PID 1688 wrote to memory of 1044	1688	rundll32.exe	27
PID 1688 wrote to memory of 1044	1688	rundll32.exe	27
PID 1688 wrote to memory of 1044	1688	rundll32.exe	27
PID 1688 wrote to memory of 1044	1688	rundll32.exe	27
PID 1688 wrote to memory of 1044	1688	rundll32.exe	27

C:\Windows\system32\rundll32.exe
rundll32.exe C:\Users\Admin\AppData\Local\Temp\d337ed6563101e8ec0165e8eac8c55630b9642e53718854344978ec07add35cd.dll,#1
1⤵
- Suspicious use of WriteProcessMemory
PID:1688
- C:\Windows\SysWOW64\rundll32.exe
  rundll32.exe C:\Users\Admin\AppData\Local\Temp\d337ed6563101e8ec0165e8eac8c55630b9642e53718854344978ec07add35cd.dll,#1
  2⤵
  PID:1044

memory/1044-54-0x0000000000000000-mapping.dmp

Download
memory/1044-55-0x0000000075601000-0x0000000075603000-memory.dmp

Filesize
8KB

Download