df1285024b1f7cf27a70e8384cc77729d1bf0d387929a608a872594f3ae1e004

Analysis

max time kernel
79s
max time network
33s
platform
windows7_x64
resource
win7-20221111-en
resource tags

arch:x64arch:x86image:win7-20221111-enlocale:en-usos:windows7-x64system
submitted
23-11-2022 12:54

Target

df1285024b1f7cf27a70e8384cc77729d1bf0d387929a608a872594f3ae1e004.dll
Size

11KB
MD5

8f1e0171da20d4fa766cefbc0b2d0b12
SHA1

de11a019d1959884d1539e8eb6a0e02dfff28c0b
SHA256

df1285024b1f7cf27a70e8384cc77729d1bf0d387929a608a872594f3ae1e004
SHA512

c366d24c05a55ed92f1ee30b06634f4cca6e54c41db3320539b55984f4b0af51d75b90d807975ca53df18b0df2f072baf7c755595d75063153309e2d1cad4ba5
SSDEEP

192:4XoNSc57tNnE0eEdMKJCBHafMoAH8biCGDowHHPFBCiGhAzzN9qdH/K0:uR67tN1mKJuAMoU8biCQopi6DdHr

Score

1^/10

Suspicious use of WriteProcessMemory 7 IoCs

Processes:

rundll32.exe

description	pid	process	target process
PID 268 wrote to memory of 1128	268	rundll32.exe	rundll32.exe
PID 268 wrote to memory of 1128	268	rundll32.exe	rundll32.exe
PID 268 wrote to memory of 1128	268	rundll32.exe	rundll32.exe
PID 268 wrote to memory of 1128	268	rundll32.exe	rundll32.exe
PID 268 wrote to memory of 1128	268	rundll32.exe	rundll32.exe
PID 268 wrote to memory of 1128	268	rundll32.exe	rundll32.exe
PID 268 wrote to memory of 1128	268	rundll32.exe	rundll32.exe

C:\Windows\system32\rundll32.exe
rundll32.exe C:\Users\Admin\AppData\Local\Temp\df1285024b1f7cf27a70e8384cc77729d1bf0d387929a608a872594f3ae1e004.dll,#1
1⤵
- Suspicious use of WriteProcessMemory
PID:268

C:\Windows\SysWOW64\rundll32.exe
rundll32.exe C:\Users\Admin\AppData\Local\Temp\df1285024b1f7cf27a70e8384cc77729d1bf0d387929a608a872594f3ae1e004.dll,#1
2⤵
PID:1128

memory/1128-54-0x0000000000000000-mapping.dmp

Download
memory/1128-55-0x0000000076D71000-0x0000000076D73000-memory.dmp

Filesize
8KB

Download