98bc4479facf497d3225d445b1804c3d9cda25d2c9ed8eb15e86d8a3cb1e0b66

Analysis

max time kernel
13s
max time network
47s
platform
windows7_x64
resource
win7-20220812-en
resource tags

arch:x64arch:x86image:win7-20220812-enlocale:en-usos:windows7-x64system
submitted
23-11-2022 13:35

Target

98bc4479facf497d3225d445b1804c3d9cda25d2c9ed8eb15e86d8a3cb1e0b66.dll
Size

192KB
MD5

02846e0a68a421ab6c4d458ebf2b12f2
SHA1

ba6ca8713e216dee8bfe701de8a4e1a11f767aa0
SHA256

98bc4479facf497d3225d445b1804c3d9cda25d2c9ed8eb15e86d8a3cb1e0b66
SHA512

7682fd583b38f1e721df76b576b13ec79be21cacb7f3737f560641ce342abe2365ad9231ed28fffe00fa42715ced82704e3cd2b92ce40bde0018cdc69675a0cd
SSDEEP

3072:e8mUVavyjhib2g7yj4zug7UMIahFJeMR4pJajIAF0QM58yN4BTFhN1wweTqCYei:e+j+f7yj4SgxteMR6a3F5u8yN4dF7oq/

Score

1^/10

Suspicious use of WriteProcessMemory 7 IoCs

Processes:

rundll32.exe

description	pid	process	target process
PID 900 wrote to memory of 1984	900	rundll32.exe	rundll32.exe
PID 900 wrote to memory of 1984	900	rundll32.exe	rundll32.exe
PID 900 wrote to memory of 1984	900	rundll32.exe	rundll32.exe
PID 900 wrote to memory of 1984	900	rundll32.exe	rundll32.exe
PID 900 wrote to memory of 1984	900	rundll32.exe	rundll32.exe
PID 900 wrote to memory of 1984	900	rundll32.exe	rundll32.exe
PID 900 wrote to memory of 1984	900	rundll32.exe	rundll32.exe

C:\Windows\system32\rundll32.exe
rundll32.exe C:\Users\Admin\AppData\Local\Temp\98bc4479facf497d3225d445b1804c3d9cda25d2c9ed8eb15e86d8a3cb1e0b66.dll,#1
1⤵
- Suspicious use of WriteProcessMemory
PID:900

C:\Windows\SysWOW64\rundll32.exe
rundll32.exe C:\Users\Admin\AppData\Local\Temp\98bc4479facf497d3225d445b1804c3d9cda25d2c9ed8eb15e86d8a3cb1e0b66.dll,#1
2⤵
PID:1984

memory/1984-54-0x0000000000000000-mapping.dmp

Download
memory/1984-55-0x0000000075571000-0x0000000075573000-memory.dmp

Filesize
8KB

Download
memory/1984-56-0x0000000000210000-0x0000000000244000-memory.dmp

Filesize
208KB

Download
memory/1984-57-0x0000000000210000-0x0000000000244000-memory.dmp

Filesize
208KB

Download