f483d9994b335651420077de21e12ca33c242bc24bb5e30e3d2b6d0ca7d3405e

Analysis

max time kernel
15s
max time network
46s
platform
windows7_x64
resource
win7-20220812-en
resource tags

arch:x64arch:x86image:win7-20220812-enlocale:en-usos:windows7-x64system
submitted
06/11/2022, 13:03

Target

f483d9994b335651420077de21e12ca33c242bc24bb5e30e3d2b6d0ca7d3405e.dll
Size

21KB
MD5

0900dfff1b12d714af80a238d21b1a28
SHA1

716b390e89e74167a26f61284224ed0ecbb9f6c6
SHA256

f483d9994b335651420077de21e12ca33c242bc24bb5e30e3d2b6d0ca7d3405e
SHA512

8a024a815a1607afb8bae2b41900b6f692c94dff1da06874b24a1fdc29671d4b36fe96373fad0be77b612e0efd35c047a937564ed56f66512ee9cd168c5fc55e
SSDEEP

384:WkLQNGvaVbl/T3n7QDZvziM59XIXlrn78Zc6lZTHWr82EWr3k8V:WkgjkeeXIXlH8lR2d37

Score

1^/10

Suspicious use of WriteProcessMemory 7 IoCs

description	pid	Process	procid_target
PID 1912 wrote to memory of 1356	1912	rundll32.exe	28
PID 1912 wrote to memory of 1356	1912	rundll32.exe	28
PID 1912 wrote to memory of 1356	1912	rundll32.exe	28
PID 1912 wrote to memory of 1356	1912	rundll32.exe	28
PID 1912 wrote to memory of 1356	1912	rundll32.exe	28
PID 1912 wrote to memory of 1356	1912	rundll32.exe	28
PID 1912 wrote to memory of 1356	1912	rundll32.exe	28

C:\Windows\system32\rundll32.exe
rundll32.exe C:\Users\Admin\AppData\Local\Temp\f483d9994b335651420077de21e12ca33c242bc24bb5e30e3d2b6d0ca7d3405e.dll,#1
1⤵
- Suspicious use of WriteProcessMemory
PID:1912
- C:\Windows\SysWOW64\rundll32.exe
  rundll32.exe C:\Users\Admin\AppData\Local\Temp\f483d9994b335651420077de21e12ca33c242bc24bb5e30e3d2b6d0ca7d3405e.dll,#1
  2⤵
  PID:1356

memory/1356-55-0x0000000076041000-0x0000000076043000-memory.dmp

Filesize
8KB

Download
memory/1356-56-0x0000000071A11000-0x0000000071A15000-memory.dmp

Filesize
16KB

Download