3d9dddab9e3c4ccd311fed565ccaa4dac43b7cde2f9d3dde839832533027f059

Analysis

max time kernel
41s
max time network
45s
platform
windows7_x64
resource
win7-20220812-en
resource tags

arch:x64arch:x86image:win7-20220812-enlocale:en-usos:windows7-x64system
submitted
30-10-2022 04:39

Target

3d9dddab9e3c4ccd311fed565ccaa4dac43b7cde2f9d3dde839832533027f059.dll
Size

81KB
MD5

93542c914b1ad6be3ac65f6e56d3ab80
SHA1

2bba4b96ea9b5c3286f9d9cc19c17d29d9bfbc59
SHA256

3d9dddab9e3c4ccd311fed565ccaa4dac43b7cde2f9d3dde839832533027f059
SHA512

68da82c145c8744e950081d4b263adc66e978428225ff6260d6a15be77eecdd8838b3cca5f89c23f65ef2c043b6b1f16ad769080e9e093979a80853d6ae96cd4
SSDEEP

1536:LSXbPpBUumBl7wNS/xpP0uE5RTzuQeRPEatdmiPNlc8NTGlU9ve:4LpaMSm5RTiQeZEKmCNlFzF

Score

1^/10

Suspicious use of WriteProcessMemory 7 IoCs

description	pid	Process	procid_target
PID 2024 wrote to memory of 1956	2024	rundll32.exe	26
PID 2024 wrote to memory of 1956	2024	rundll32.exe	26
PID 2024 wrote to memory of 1956	2024	rundll32.exe	26
PID 2024 wrote to memory of 1956	2024	rundll32.exe	26
PID 2024 wrote to memory of 1956	2024	rundll32.exe	26
PID 2024 wrote to memory of 1956	2024	rundll32.exe	26
PID 2024 wrote to memory of 1956	2024	rundll32.exe	26

C:\Windows\system32\rundll32.exe
rundll32.exe C:\Users\Admin\AppData\Local\Temp\3d9dddab9e3c4ccd311fed565ccaa4dac43b7cde2f9d3dde839832533027f059.dll,#1
1⤵
- Suspicious use of WriteProcessMemory
PID:2024
- C:\Windows\SysWOW64\rundll32.exe
  rundll32.exe C:\Users\Admin\AppData\Local\Temp\3d9dddab9e3c4ccd311fed565ccaa4dac43b7cde2f9d3dde839832533027f059.dll,#1
  2⤵
  PID:1956

memory/1956-55-0x0000000075F81000-0x0000000075F83000-memory.dmp

Filesize
8KB

Download
memory/1956-56-0x0000000010000000-0x000000001001A000-memory.dmp

Filesize
104KB

Download
memory/1956-57-0x0000000010000000-0x000000001001A000-memory.dmp

Filesize
104KB

Download