83c16e66839c3412c6bb745a2030616a5a8ffab715831029520b56e23bfad3b4

Analysis

max time kernel
21s
max time network
45s
platform
windows7_x64
resource
win7-20220812-en
resource tags

arch:x64arch:x86image:win7-20220812-enlocale:en-usos:windows7-x64system
submitted
23-11-2022 13:49

Target

83c16e66839c3412c6bb745a2030616a5a8ffab715831029520b56e23bfad3b4.dll
Size

9KB
MD5

db1a6168c43705337a3df7e89625975b
SHA1

ac701e1eedab6b9799ae1874088b1fa02815a65d
SHA256

83c16e66839c3412c6bb745a2030616a5a8ffab715831029520b56e23bfad3b4
SHA512

aa6ada2131861e838fb2ca1a007f35397877b5366b0f8ebfda5869ee803421ca3560c046508b7fe1d0d26c3864e6f4bca80814e1bbda203411b1f78c092f9eb0
SSDEEP

96:zm5FiHONpfddqYX6m+D+wpCINc948wmfrKEPgEMs4I9m6Gc3ITzi/IaR0lQ4bMfn:zm5F13Vdr6NDfp4984UQ9m6GcY+gaWo

Score

1^/10

Suspicious use of WriteProcessMemory 7 IoCs

Processes:

rundll32.exe

description	pid	process	target process
PID 1340 wrote to memory of 1736	1340	rundll32.exe	rundll32.exe
PID 1340 wrote to memory of 1736	1340	rundll32.exe	rundll32.exe
PID 1340 wrote to memory of 1736	1340	rundll32.exe	rundll32.exe
PID 1340 wrote to memory of 1736	1340	rundll32.exe	rundll32.exe
PID 1340 wrote to memory of 1736	1340	rundll32.exe	rundll32.exe
PID 1340 wrote to memory of 1736	1340	rundll32.exe	rundll32.exe
PID 1340 wrote to memory of 1736	1340	rundll32.exe	rundll32.exe

C:\Windows\system32\rundll32.exe
rundll32.exe C:\Users\Admin\AppData\Local\Temp\83c16e66839c3412c6bb745a2030616a5a8ffab715831029520b56e23bfad3b4.dll,#1
1⤵
- Suspicious use of WriteProcessMemory
PID:1340

C:\Windows\SysWOW64\rundll32.exe
rundll32.exe C:\Users\Admin\AppData\Local\Temp\83c16e66839c3412c6bb745a2030616a5a8ffab715831029520b56e23bfad3b4.dll,#1
2⤵
PID:1736

memory/1736-54-0x0000000000000000-mapping.dmp

Download
memory/1736-55-0x0000000076411000-0x0000000076413000-memory.dmp

Filesize
8KB

Download