c4f9028d1c617f8c9beb1702ce77ae758d44cf825e6b1f1bb8a08846ee3f9278

Analysis

max time kernel
32s
max time network
30s
platform
windows7_x64
resource
win7-20221111-en
resource tags

arch:x64arch:x86image:win7-20221111-enlocale:en-usos:windows7-x64system
submitted
21-11-2022 21:09

Target

c4f9028d1c617f8c9beb1702ce77ae758d44cf825e6b1f1bb8a08846ee3f9278.dll
Size

860KB
MD5

ae67b57fd3c99005d71eecfd525bc6fb
SHA1

741421d6f46e893a2d68926b0d65fbdf16528472
SHA256

c4f9028d1c617f8c9beb1702ce77ae758d44cf825e6b1f1bb8a08846ee3f9278
SHA512

60427f61b431758cedd11c421f4f0f7c7ce451ca7303ca58f2b5acaf66f860a0ed0c70dd992b4fbaad9f311a83c82b084dbfd59ede5358b861a1f64c7f6e0335
SSDEEP

24576:w4q9m0MUkW3WcoEQXqdkyAQ2cTLeJBcvL:w4q9m0MrmWco1llGXeJ2T

Score

1^/10

Suspicious use of WriteProcessMemory 7 IoCs

description	pid	Process	procid_target
PID 796 wrote to memory of 276	796	rundll32.exe	28
PID 796 wrote to memory of 276	796	rundll32.exe	28
PID 796 wrote to memory of 276	796	rundll32.exe	28
PID 796 wrote to memory of 276	796	rundll32.exe	28
PID 796 wrote to memory of 276	796	rundll32.exe	28
PID 796 wrote to memory of 276	796	rundll32.exe	28
PID 796 wrote to memory of 276	796	rundll32.exe	28

C:\Windows\system32\rundll32.exe
rundll32.exe C:\Users\Admin\AppData\Local\Temp\c4f9028d1c617f8c9beb1702ce77ae758d44cf825e6b1f1bb8a08846ee3f9278.dll,#1
1⤵
- Suspicious use of WriteProcessMemory
PID:796
- C:\Windows\SysWOW64\rundll32.exe
  rundll32.exe C:\Users\Admin\AppData\Local\Temp\c4f9028d1c617f8c9beb1702ce77ae758d44cf825e6b1f1bb8a08846ee3f9278.dll,#1
  2⤵
  PID:276

memory/276-54-0x0000000000000000-mapping.dmp

Download
memory/276-55-0x0000000074D71000-0x0000000074D73000-memory.dmp

Filesize
8KB

Download
memory/276-56-0x0000000010000000-0x0000000010188000-memory.dmp

Filesize
1.5MB

Download
memory/276-57-0x0000000010000000-0x0000000010188000-memory.dmp

Filesize
1.5MB

Download
memory/276-58-0x0000000010000000-0x0000000010188000-memory.dmp

Filesize
1.5MB

Download
memory/276-59-0x0000000000280000-0x000000000028A000-memory.dmp

Filesize
40KB

Download
memory/276-60-0x00000000001D0000-0x0000000000236000-memory.dmp

Filesize
408KB

Download
memory/276-61-0x0000000000260000-0x0000000000271000-memory.dmp

Filesize
68KB

Download
memory/276-62-0x00000000001D0000-0x0000000000236000-memory.dmp

Filesize
408KB

Download