c378cbc890fc6a622a5776cd5577438e3df8dff2a744b2d6fbe673fb032add37

Analysis

max time kernel
42s
max time network
45s
platform
windows7_x64
resource
win7-20220812-en
resource tags

arch:x64arch:x86image:win7-20220812-enlocale:en-usos:windows7-x64system
submitted
06/11/2022, 20:41

Target

c378cbc890fc6a622a5776cd5577438e3df8dff2a744b2d6fbe673fb032add37.dll
Size

268KB
MD5

0ff3bd8fd6cea412f5369b5f6f9603b0
SHA1

9f92d416e263eefe8e55e1b7a5971db7272c6db4
SHA256

c378cbc890fc6a622a5776cd5577438e3df8dff2a744b2d6fbe673fb032add37
SHA512

0c91bfbf2cabadb0dc219bfc4a04ee74621132296045a102e43a63a796c8f9f2d309a1c03b748b4249bc8861d9714a971baa7de4bf32836f7ed2d30b549f4c35
SSDEEP

6144:6MJOWK4l0wqOVq1++gXR6wRiQLwCqRDooDS:62OWK4llcgDcCqRop

Score

1^/10

Suspicious use of WriteProcessMemory 7 IoCs

description	pid	Process	procid_target
PID 1920 wrote to memory of 1012	1920	rundll32.exe	28
PID 1920 wrote to memory of 1012	1920	rundll32.exe	28
PID 1920 wrote to memory of 1012	1920	rundll32.exe	28
PID 1920 wrote to memory of 1012	1920	rundll32.exe	28
PID 1920 wrote to memory of 1012	1920	rundll32.exe	28
PID 1920 wrote to memory of 1012	1920	rundll32.exe	28
PID 1920 wrote to memory of 1012	1920	rundll32.exe	28

C:\Windows\system32\rundll32.exe
rundll32.exe C:\Users\Admin\AppData\Local\Temp\c378cbc890fc6a622a5776cd5577438e3df8dff2a744b2d6fbe673fb032add37.dll,#1
1⤵
- Suspicious use of WriteProcessMemory
PID:1920
- C:\Windows\SysWOW64\rundll32.exe
  rundll32.exe C:\Users\Admin\AppData\Local\Temp\c378cbc890fc6a622a5776cd5577438e3df8dff2a744b2d6fbe673fb032add37.dll,#1
  2⤵
  PID:1012

memory/1012-55-0x00000000763F1000-0x00000000763F3000-memory.dmp

Filesize
8KB

Download
memory/1012-56-0x0000000010000000-0x0000000010047000-memory.dmp

Filesize
284KB

Download