2ff57092dead4c1a99be9aa98e0d54edc6585f189069303b11140122268d23ba

Analysis

max time kernel
41s
max time network
45s
platform
windows7_x64
resource
win7-20220812-en
resource tags

arch:x64arch:x86image:win7-20220812-enlocale:en-usos:windows7-x64system
submitted
23-11-2022 12:50

Target

41a9207db41c21c871109514d45a846b00afedbf82e0f31e989460bfe20a1c81.dll
Size

514KB
MD5

ff6fc901fdfcc1bf32bc4a1fd9bb12ba
SHA1

8ca5166eef9d13c71ca94fa0c36d0a29633e98fc
SHA256

2ff57092dead4c1a99be9aa98e0d54edc6585f189069303b11140122268d23ba
SHA512

95c5b6f4ca61c1ca3487622b2458ee0f3627479b55fad98a3452775a09dbb074f183c003ab596b4af60686e677be957f5bce3d8543779f7d039eca5a55e53e95
SSDEEP

6144:xlWn+IJZrBkWSN2XkDNxaE3/JzMsUe9w0ExM01ttmO:/nI7JtmaEqveODM01t7

Score

1^/10

Suspicious use of WriteProcessMemory 7 IoCs

Processes:

rundll32.exe

description	pid	process	target process
PID 2044 wrote to memory of 1460	2044	rundll32.exe	rundll32.exe
PID 2044 wrote to memory of 1460	2044	rundll32.exe	rundll32.exe
PID 2044 wrote to memory of 1460	2044	rundll32.exe	rundll32.exe
PID 2044 wrote to memory of 1460	2044	rundll32.exe	rundll32.exe
PID 2044 wrote to memory of 1460	2044	rundll32.exe	rundll32.exe
PID 2044 wrote to memory of 1460	2044	rundll32.exe	rundll32.exe
PID 2044 wrote to memory of 1460	2044	rundll32.exe	rundll32.exe

C:\Windows\system32\rundll32.exe
rundll32.exe C:\Users\Admin\AppData\Local\Temp\41a9207db41c21c871109514d45a846b00afedbf82e0f31e989460bfe20a1c81.dll,#1
1⤵
- Suspicious use of WriteProcessMemory
PID:2044

C:\Windows\SysWOW64\rundll32.exe
rundll32.exe C:\Users\Admin\AppData\Local\Temp\41a9207db41c21c871109514d45a846b00afedbf82e0f31e989460bfe20a1c81.dll,#1
2⤵
PID:1460

memory/1460-54-0x0000000000000000-mapping.dmp

Download
memory/1460-55-0x0000000075F81000-0x0000000075F83000-memory.dmp

Filesize
8KB

Download