6544fb3761ebaaa541ca6fe051f14584f64f6839c2260e4e8beb0c623fa87187

Analysis

max time kernel
14s
max time network
31s
platform
windows7_x64
resource
win7-20221111-en
resource tags

arch:x64arch:x86image:win7-20221111-enlocale:en-usos:windows7-x64system
submitted
23-11-2022 11:06

Target

6544fb3761ebaaa541ca6fe051f14584f64f6839c2260e4e8beb0c623fa87187.dll
Size

495KB
MD5

526d20ff07abbaf774640edd7e66dd99
SHA1

4033dbd348d67cdd30d91fb07db85ed57738ed06
SHA256

6544fb3761ebaaa541ca6fe051f14584f64f6839c2260e4e8beb0c623fa87187
SHA512

ddd1c2e06c131e8d061e6637fe2eec9bbccfccb296983de27c3f2057270d1d8564d40a596f4731fc3bde9bb57aed0b1f42269fbc85d0dbd96a9989f2b7f19882
SSDEEP

6144:R731n/3MyccgxPf685Ax/ku21vuivv8L2x7jIaXUsY8NtnA6rj50/0sU0CS5ePDs:R1fMdcgxX685Axk5vv8wbYS9j2UceJ

Score

1^/10

Suspicious use of WriteProcessMemory 7 IoCs

Processes:

rundll32.exe

description	pid	process	target process
PID 936 wrote to memory of 2036	936	rundll32.exe	rundll32.exe
PID 936 wrote to memory of 2036	936	rundll32.exe	rundll32.exe
PID 936 wrote to memory of 2036	936	rundll32.exe	rundll32.exe
PID 936 wrote to memory of 2036	936	rundll32.exe	rundll32.exe
PID 936 wrote to memory of 2036	936	rundll32.exe	rundll32.exe
PID 936 wrote to memory of 2036	936	rundll32.exe	rundll32.exe
PID 936 wrote to memory of 2036	936	rundll32.exe	rundll32.exe

C:\Windows\system32\rundll32.exe
rundll32.exe C:\Users\Admin\AppData\Local\Temp\6544fb3761ebaaa541ca6fe051f14584f64f6839c2260e4e8beb0c623fa87187.dll,#1
1⤵
- Suspicious use of WriteProcessMemory
PID:936

C:\Windows\SysWOW64\rundll32.exe
rundll32.exe C:\Users\Admin\AppData\Local\Temp\6544fb3761ebaaa541ca6fe051f14584f64f6839c2260e4e8beb0c623fa87187.dll,#1
2⤵
PID:2036

memory/2036-54-0x0000000000000000-mapping.dmp

Download
memory/2036-55-0x0000000076941000-0x0000000076943000-memory.dmp

Filesize
8KB

Download
memory/2036-56-0x00000000002E0000-0x0000000000365000-memory.dmp

Filesize
532KB

Download