f4818fc5b2b7dfd8c34d01be43ad3bdb0d6e31bb7004a84d4a6d22669e42321e

Analysis

max time kernel
30s
max time network
35s
platform
windows7_x64
resource
win7-20221111-en
resource tags

arch:x64arch:x86image:win7-20221111-enlocale:en-usos:windows7-x64system
submitted
23-11-2022 12:42

Target

f4818fc5b2b7dfd8c34d01be43ad3bdb0d6e31bb7004a84d4a6d22669e42321e.dll
Size

42KB
MD5

8d260a1475622852b91bc6dbce569a64
SHA1

1bf68057d67a1f0e92688277609804196009be18
SHA256

f4818fc5b2b7dfd8c34d01be43ad3bdb0d6e31bb7004a84d4a6d22669e42321e
SHA512

5692b16289fa8a0db950e81fea602cb90cff18e3c13d53a3739917a3ad6cf719e9b97ca9212cb1075d74bb73cc8770d22121ec809b9f736ff54157aad8c9dd5e
SSDEEP

768:HAPTF1Z0nZOZ9H7E/aML/r+EmhrCadVUTgZ/LT4tZ0ht1GvHGbm76zo93LP:STF1Z0nW9bEyirWrCadyU/LT4w31GvHX

Score

1^/10

Suspicious use of WriteProcessMemory 7 IoCs

Processes:

rundll32.exe

description	pid	process	target process
PID 1728 wrote to memory of 1444	1728	rundll32.exe	rundll32.exe
PID 1728 wrote to memory of 1444	1728	rundll32.exe	rundll32.exe
PID 1728 wrote to memory of 1444	1728	rundll32.exe	rundll32.exe
PID 1728 wrote to memory of 1444	1728	rundll32.exe	rundll32.exe
PID 1728 wrote to memory of 1444	1728	rundll32.exe	rundll32.exe
PID 1728 wrote to memory of 1444	1728	rundll32.exe	rundll32.exe
PID 1728 wrote to memory of 1444	1728	rundll32.exe	rundll32.exe

C:\Windows\system32\rundll32.exe
rundll32.exe C:\Users\Admin\AppData\Local\Temp\f4818fc5b2b7dfd8c34d01be43ad3bdb0d6e31bb7004a84d4a6d22669e42321e.dll,#1
1⤵
- Suspicious use of WriteProcessMemory
PID:1728

C:\Windows\SysWOW64\rundll32.exe
rundll32.exe C:\Users\Admin\AppData\Local\Temp\f4818fc5b2b7dfd8c34d01be43ad3bdb0d6e31bb7004a84d4a6d22669e42321e.dll,#1
2⤵
PID:1444

memory/1444-54-0x0000000000000000-mapping.dmp

Download
memory/1444-55-0x0000000075811000-0x0000000075813000-memory.dmp

Filesize
8KB

Download