fb84e37294899d25950d9884f70e82b56fea7d967e64d4939366217f968f1aa4

Analysis

max time kernel
22s
max time network
30s
platform
windows7_x64
resource
win7-20221111-en
resource tags

arch:x64arch:x86image:win7-20221111-enlocale:en-usos:windows7-x64system
submitted
23-11-2022 21:29

Target

fb84e37294899d25950d9884f70e82b56fea7d967e64d4939366217f968f1aa4.dll
Size

45KB
MD5

051a93bd5174fea26b5023cbbfda1b0e
SHA1

c4a78763fd51ebcb24ee40e44b49028288db0397
SHA256

fb84e37294899d25950d9884f70e82b56fea7d967e64d4939366217f968f1aa4
SHA512

3ed584ffa141b64390652f3895e8f252f6bf30d83009100da30fdbc2ce39b123799f89b162b628cf7ba1b92225e42c30f604a9d634783a6daaffaddceb994d64
SSDEEP

768:exITIjUVHmgOMtitTjxyNq5ewMwkjw5I9tGvADjMl6t:KITIjUC4WTQNqNfkjw2GTl

Score

1^/10

Suspicious use of WriteProcessMemory 7 IoCs

Processes:

rundll32.exe

description	pid	process	target process
PID 1264 wrote to memory of 1772	1264	rundll32.exe	rundll32.exe
PID 1264 wrote to memory of 1772	1264	rundll32.exe	rundll32.exe
PID 1264 wrote to memory of 1772	1264	rundll32.exe	rundll32.exe
PID 1264 wrote to memory of 1772	1264	rundll32.exe	rundll32.exe
PID 1264 wrote to memory of 1772	1264	rundll32.exe	rundll32.exe
PID 1264 wrote to memory of 1772	1264	rundll32.exe	rundll32.exe
PID 1264 wrote to memory of 1772	1264	rundll32.exe	rundll32.exe

C:\Windows\system32\rundll32.exe
rundll32.exe C:\Users\Admin\AppData\Local\Temp\fb84e37294899d25950d9884f70e82b56fea7d967e64d4939366217f968f1aa4.dll,#1
1⤵
- Suspicious use of WriteProcessMemory
PID:1264

C:\Windows\SysWOW64\rundll32.exe
rundll32.exe C:\Users\Admin\AppData\Local\Temp\fb84e37294899d25950d9884f70e82b56fea7d967e64d4939366217f968f1aa4.dll,#1
2⤵
PID:1772

memory/1772-54-0x0000000000000000-mapping.dmp

Download
memory/1772-55-0x0000000075291000-0x0000000075293000-memory.dmp

Filesize
8KB

Download
memory/1772-56-0x00000000000B0000-0x00000000000BF000-memory.dmp

Filesize
60KB

Download
memory/1772-57-0x00000000000B0000-0x00000000000BF000-memory.dmp

Filesize
60KB

Download