5250e779bcf488dda3a404ac6184d7e9fb483df4d990c8a629ad00aa8615cdd9

Analysis

max time kernel
36s
max time network
33s
platform
windows7_x64
resource
win7-20221111-en
resource tags

arch:x64arch:x86image:win7-20221111-enlocale:en-usos:windows7-x64system
submitted
23-11-2022 14:19

Target

5250e779bcf488dda3a404ac6184d7e9fb483df4d990c8a629ad00aa8615cdd9.dll
Size

158KB
MD5

13abe1ea7a50ebb00276bb84c49ea7b6
SHA1

a5e74fbec80744d8c787d3d271983316e8dace9f
SHA256

5250e779bcf488dda3a404ac6184d7e9fb483df4d990c8a629ad00aa8615cdd9
SHA512

f824b780c9456b848c376aaa95253c1efcb04a82bbba1f195d8601512de06f01acda8154e30918f4d8ed4a2987d3bfde131b4c285f9f7aa166026e7c2bdadf0b
SSDEEP

3072:10RrXdStDe33HiLzpc0wkWwTYBASgN7wrIy4p8GNFV:8rXItM3HuFc/pwTvrNRnp8G

Score

1^/10

Suspicious use of WriteProcessMemory 11 IoCs

Processes:

rundll32.exerundll32.exe

description	pid	process	target process
PID 860 wrote to memory of 604	860	rundll32.exe	rundll32.exe
PID 860 wrote to memory of 604	860	rundll32.exe	rundll32.exe
PID 860 wrote to memory of 604	860	rundll32.exe	rundll32.exe
PID 860 wrote to memory of 604	860	rundll32.exe	rundll32.exe
PID 860 wrote to memory of 604	860	rundll32.exe	rundll32.exe
PID 860 wrote to memory of 604	860	rundll32.exe	rundll32.exe
PID 860 wrote to memory of 604	860	rundll32.exe	rundll32.exe
PID 604 wrote to memory of 568	604	rundll32.exe	cmd.exe
PID 604 wrote to memory of 568	604	rundll32.exe	cmd.exe
PID 604 wrote to memory of 568	604	rundll32.exe	cmd.exe
PID 604 wrote to memory of 568	604	rundll32.exe	cmd.exe

C:\Windows\system32\rundll32.exe
rundll32.exe C:\Users\Admin\AppData\Local\Temp\5250e779bcf488dda3a404ac6184d7e9fb483df4d990c8a629ad00aa8615cdd9.dll,#1
1⤵
- Suspicious use of WriteProcessMemory
PID:860

C:\Windows\SysWOW64\rundll32.exe
rundll32.exe C:\Users\Admin\AppData\Local\Temp\5250e779bcf488dda3a404ac6184d7e9fb483df4d990c8a629ad00aa8615cdd9.dll,#1
2⤵
- Suspicious use of WriteProcessMemory
PID:604

memory/568-60-0x0000000000000000-mapping.dmp

Download
memory/604-54-0x0000000000000000-mapping.dmp

Download
memory/604-55-0x0000000074C41000-0x0000000074C43000-memory.dmp

Filesize
8KB

Download
memory/604-56-0x0000000000190000-0x00000000001C6000-memory.dmp

Filesize
216KB

Download
memory/604-57-0x0000000000190000-0x00000000001C6000-memory.dmp

Filesize
216KB

Download
memory/604-58-0x0000000000400000-0x0000000000436000-memory.dmp

Filesize
216KB

Download
memory/604-59-0x0000000000190000-0x00000000001C6000-memory.dmp

Filesize
216KB

Download
memory/604-61-0x0000000000190000-0x00000000001C6000-memory.dmp

Filesize
216KB

Download