bc1ff9560aa98501747407114d02368eca94fbc663502f1e5da281561920e200

Analysis

max time kernel
38s
max time network
44s
platform
windows7_x64
resource
win7-20220812-en
resource tags

arch:x64arch:x86image:win7-20220812-enlocale:en-usos:windows7-x64system
submitted
30-10-2022 02:31

Target

bc1ff9560aa98501747407114d02368eca94fbc663502f1e5da281561920e200.dll
Size

276KB
MD5

931fa431b360751ee8da7d78e6388738
SHA1

88c8793cc8713e3b83d371ed9a8e4ce323c5a0dc
SHA256

bc1ff9560aa98501747407114d02368eca94fbc663502f1e5da281561920e200
SHA512

5570516c569f48f114fe4ac7f6577bb891eb65f41b1e03ae7829fe6a709bf0355b6637798ccc020c0b541e20b9a46bdeb7a066ab959ac8c0ec82035c3bbde98c
SSDEEP

3072:GxuY/Xub2QqXHUL4YLS2zGS6bG+gWMOBL/a0qKNrthQtuGuXv:GUY/+iDHUcYLSS5jWMObqKN5n

Score

1^/10

Suspicious use of WriteProcessMemory 7 IoCs

description	pid	Process	procid_target
PID 2020 wrote to memory of 1472	2020	rundll32.exe	26
PID 2020 wrote to memory of 1472	2020	rundll32.exe	26
PID 2020 wrote to memory of 1472	2020	rundll32.exe	26
PID 2020 wrote to memory of 1472	2020	rundll32.exe	26
PID 2020 wrote to memory of 1472	2020	rundll32.exe	26
PID 2020 wrote to memory of 1472	2020	rundll32.exe	26
PID 2020 wrote to memory of 1472	2020	rundll32.exe	26

C:\Windows\system32\rundll32.exe
rundll32.exe C:\Users\Admin\AppData\Local\Temp\bc1ff9560aa98501747407114d02368eca94fbc663502f1e5da281561920e200.dll,#1
1⤵
- Suspicious use of WriteProcessMemory
PID:2020
- C:\Windows\SysWOW64\rundll32.exe
  rundll32.exe C:\Users\Admin\AppData\Local\Temp\bc1ff9560aa98501747407114d02368eca94fbc663502f1e5da281561920e200.dll,#1
  2⤵
  PID:1472

memory/1472-54-0x0000000000000000-mapping.dmp

Download
memory/1472-55-0x0000000075451000-0x0000000075453000-memory.dmp

Filesize
8KB

Download
memory/1472-56-0x0000000010000000-0x0000000010045000-memory.dmp

Filesize
276KB

Download
memory/1472-57-0x0000000010000000-0x0000000010045000-memory.dmp

Filesize
276KB

Download