ddaf485651a89f258588a86a2bd1bb8d0dc0c8cd9bc24c714b9d61d392be9578

Analysis

max time kernel
42s
max time network
49s
platform
windows7_x64
resource
win7-20220901-en
resource tags

arch:x64arch:x86image:win7-20220901-enlocale:en-usos:windows7-x64system
submitted
07-11-2022 10:02

Target

ddaf485651a89f258588a86a2bd1bb8d0dc0c8cd9bc24c714b9d61d392be9578.dll
Size

71KB
MD5

0a456f6f407d729173eb074929c46f8b
SHA1

c915d791ce5c941da48945575dc83a0ab729a0b8
SHA256

ddaf485651a89f258588a86a2bd1bb8d0dc0c8cd9bc24c714b9d61d392be9578
SHA512

8400fa79eff288e21773911bb6e1e5cc0e2f5a4f8e0513a3bd868e1d67c470ad05627b0a54d5232a7bc43542ececb56f2ba20768917fc6c4c38bf46ce3ed1a0b
SSDEEP

1536:8HjoknResEbp/7U4DCpiP8K6GEW93UmGda3JNY:8DokRKpujGFkdKW

Score

1^/10

Suspicious use of WriteProcessMemory 7 IoCs

description	pid	Process	procid_target
PID 1228 wrote to memory of 2040	1228	rundll32.exe	27
PID 1228 wrote to memory of 2040	1228	rundll32.exe	27
PID 1228 wrote to memory of 2040	1228	rundll32.exe	27
PID 1228 wrote to memory of 2040	1228	rundll32.exe	27
PID 1228 wrote to memory of 2040	1228	rundll32.exe	27
PID 1228 wrote to memory of 2040	1228	rundll32.exe	27
PID 1228 wrote to memory of 2040	1228	rundll32.exe	27

C:\Windows\system32\rundll32.exe
rundll32.exe C:\Users\Admin\AppData\Local\Temp\ddaf485651a89f258588a86a2bd1bb8d0dc0c8cd9bc24c714b9d61d392be9578.dll,#1
1⤵
- Suspicious use of WriteProcessMemory
PID:1228
- C:\Windows\SysWOW64\rundll32.exe
  rundll32.exe C:\Users\Admin\AppData\Local\Temp\ddaf485651a89f258588a86a2bd1bb8d0dc0c8cd9bc24c714b9d61d392be9578.dll,#1
  2⤵
  PID:2040

memory/2040-54-0x0000000000000000-mapping.dmp

Download
memory/2040-55-0x0000000075A11000-0x0000000075A13000-memory.dmp

Filesize
8KB

Download
memory/2040-56-0x0000000074710000-0x0000000074723000-memory.dmp

Filesize
76KB

Download
memory/2040-57-0x00000000746F0000-0x0000000074703000-memory.dmp

Filesize
76KB

Download
memory/2040-58-0x00000000746F0000-0x0000000074703000-memory.dmp

Filesize
76KB

Download