3b886b7b0fb7a76df236785645682ed819a9edde3e17c6f28fd35990e9866e1b

Analysis

max time kernel
39s
max time network
44s
platform
windows7_x64
resource
win7-20220812-en
resource tags

arch:x64arch:x86image:win7-20220812-enlocale:en-usos:windows7-x64system
submitted
30/10/2022, 13:12

Target

3b886b7b0fb7a76df236785645682ed819a9edde3e17c6f28fd35990e9866e1b.dll
Size

19KB
MD5

8508e0227da4f82ba98f2fd6b1ed98b0
SHA1

a761d9d12c8610917c2ff18520f5abd4960714c7
SHA256

3b886b7b0fb7a76df236785645682ed819a9edde3e17c6f28fd35990e9866e1b
SHA512

ef1b1b7df63674359100b36b4c5bf96cca56f40015dff7e0c16434d5dad7cf8d1f7fce085178de05b35dccf9c0f4eac58558d309d49d69176dcfff9241dc1a8f
SSDEEP

384:kOI7POw9gfEhDsrQ800i80zY4+j7JdZgU0FaXE8:kRPnhhDsGn80zpW7JdZgtFaXE

Score

8^/10

Blocklisted process makes network request 2 IoCs

flow	pid	Process
2	548	rundll32.exe
3	548	rundll32.exe

Suspicious use of WriteProcessMemory 7 IoCs

description	pid	Process	procid_target
PID 1148 wrote to memory of 548	1148	rundll32.exe	27
PID 1148 wrote to memory of 548	1148	rundll32.exe	27
PID 1148 wrote to memory of 548	1148	rundll32.exe	27
PID 1148 wrote to memory of 548	1148	rundll32.exe	27
PID 1148 wrote to memory of 548	1148	rundll32.exe	27
PID 1148 wrote to memory of 548	1148	rundll32.exe	27
PID 1148 wrote to memory of 548	1148	rundll32.exe	27

C:\Windows\system32\rundll32.exe
rundll32.exe C:\Users\Admin\AppData\Local\Temp\3b886b7b0fb7a76df236785645682ed819a9edde3e17c6f28fd35990e9866e1b.dll,#1
1⤵
- Suspicious use of WriteProcessMemory
PID:1148
- C:\Windows\SysWOW64\rundll32.exe
  rundll32.exe C:\Users\Admin\AppData\Local\Temp\3b886b7b0fb7a76df236785645682ed819a9edde3e17c6f28fd35990e9866e1b.dll,#1
  2⤵
  - Blocklisted process makes network request
  PID:548

memory/548-55-0x0000000074C11000-0x0000000074C13000-memory.dmp

Filesize
8KB

Download