bb84de309da8740db3c1d30bd0b73e83072ebc1ae90a1f024f8535de21eaed04

Analysis

max time kernel
39s
max time network
44s
platform
windows7_x64
resource
win7-20220812-en
resource tags

arch:x64arch:x86image:win7-20220812-enlocale:en-usos:windows7-x64system
submitted
30-10-2022 16:26

Target

bb84de309da8740db3c1d30bd0b73e83072ebc1ae90a1f024f8535de21eaed04.dll
Size

220KB
MD5

830936ed300c91cde490ce98177b8bd5
SHA1

232bb4a29787fd1b2d8749fa2e1db68c626dd942
SHA256

bb84de309da8740db3c1d30bd0b73e83072ebc1ae90a1f024f8535de21eaed04
SHA512

e4a38fee723c5e63e5de772a3f1ce7f9aee98d19bc1d0047cbd9433d1a2fd63d227d04aeed58d3bfa1a80af2436266232536cb03b5046fa00a71eb3fce5a086d
SSDEEP

3072:JKHXlxQJ1fLhMwyQjRzCuyoiL/tb0tSXe/mDwaM/aa8fI/f1X9u:JKEJ1VMw3XjytbLReaVWu

Score

1^/10

Suspicious use of WriteProcessMemory 7 IoCs

description	pid	Process	procid_target
PID 1424 wrote to memory of 1852	1424	rundll32.exe	26
PID 1424 wrote to memory of 1852	1424	rundll32.exe	26
PID 1424 wrote to memory of 1852	1424	rundll32.exe	26
PID 1424 wrote to memory of 1852	1424	rundll32.exe	26
PID 1424 wrote to memory of 1852	1424	rundll32.exe	26
PID 1424 wrote to memory of 1852	1424	rundll32.exe	26
PID 1424 wrote to memory of 1852	1424	rundll32.exe	26

C:\Windows\system32\rundll32.exe
rundll32.exe C:\Users\Admin\AppData\Local\Temp\bb84de309da8740db3c1d30bd0b73e83072ebc1ae90a1f024f8535de21eaed04.dll,#1
1⤵
- Suspicious use of WriteProcessMemory
PID:1424
- C:\Windows\SysWOW64\rundll32.exe
  rundll32.exe C:\Users\Admin\AppData\Local\Temp\bb84de309da8740db3c1d30bd0b73e83072ebc1ae90a1f024f8535de21eaed04.dll,#1
  2⤵
  PID:1852

memory/1852-55-0x0000000076151000-0x0000000076153000-memory.dmp

Filesize
8KB

Download
memory/1852-56-0x0000000074D90000-0x0000000074DC9000-memory.dmp

Filesize
228KB

Download
memory/1852-57-0x00000000001D0000-0x00000000001DF000-memory.dmp

Filesize
60KB

Download
memory/1852-58-0x00000000001E0000-0x00000000001EF000-memory.dmp

Filesize
60KB

Download