16c6225d24792bb6cc2e595e2881e556c2e5523fc9a337cc8db5042e83f03ef7

Analysis

max time kernel
48s
max time network
52s
platform
windows7_x64
resource
win7-20220901-en
resource tags

arch:x64arch:x86image:win7-20220901-enlocale:en-usos:windows7-x64system
submitted
23-11-2022 10:47

Target

16c6225d24792bb6cc2e595e2881e556c2e5523fc9a337cc8db5042e83f03ef7.dll
Size

21KB
MD5

761352a2cf005a431c20038d16fded6b
SHA1

089e2bffcd1d6b14588b444bfdd657152f032e93
SHA256

16c6225d24792bb6cc2e595e2881e556c2e5523fc9a337cc8db5042e83f03ef7
SHA512

6f2dafe4675bfa658cadf14d940075d1cc8fce5fc90c7749a11c89a1377cf62fe06b994d04df173ec1eed73016a668ccaa6a4927e96e8e4a89efd7fa57ab7786
SSDEEP

384:SDtift+0qZpQ2F9zikQzn29E1Oprhr6KdYcwZv2uAPH:SDtiftJqfikQzMh+KslU

Score

1^/10

Suspicious use of WriteProcessMemory 7 IoCs

Processes:

rundll32.exe

description	pid	process	target process
PID 1288 wrote to memory of 1524	1288	rundll32.exe	rundll32.exe
PID 1288 wrote to memory of 1524	1288	rundll32.exe	rundll32.exe
PID 1288 wrote to memory of 1524	1288	rundll32.exe	rundll32.exe
PID 1288 wrote to memory of 1524	1288	rundll32.exe	rundll32.exe
PID 1288 wrote to memory of 1524	1288	rundll32.exe	rundll32.exe
PID 1288 wrote to memory of 1524	1288	rundll32.exe	rundll32.exe
PID 1288 wrote to memory of 1524	1288	rundll32.exe	rundll32.exe

C:\Windows\system32\rundll32.exe
rundll32.exe C:\Users\Admin\AppData\Local\Temp\16c6225d24792bb6cc2e595e2881e556c2e5523fc9a337cc8db5042e83f03ef7.dll,#1
1⤵
- Suspicious use of WriteProcessMemory
PID:1288

C:\Windows\SysWOW64\rundll32.exe
rundll32.exe C:\Users\Admin\AppData\Local\Temp\16c6225d24792bb6cc2e595e2881e556c2e5523fc9a337cc8db5042e83f03ef7.dll,#1
2⤵
PID:1524

memory/1524-54-0x0000000000000000-mapping.dmp

Download
memory/1524-55-0x0000000075FE1000-0x0000000075FE3000-memory.dmp

Filesize
8KB

Download