48b58de52e1fdb863827e05424440bfe730fb210d35a8baa7239eb3127216b40

Analysis

max time kernel
42s
max time network
45s
platform
windows7_x64
resource
win7-20220812-en
resource tags

arch:x64arch:x86image:win7-20220812-enlocale:en-usos:windows7-x64system
submitted
23-11-2022 14:25

Target

48b58de52e1fdb863827e05424440bfe730fb210d35a8baa7239eb3127216b40.dll
Size

144KB
MD5

74a9b736cd5543e46c6e94fed2fd7ab4
SHA1

b74eba12d40294bea95b39122c8a655f9c6f518c
SHA256

48b58de52e1fdb863827e05424440bfe730fb210d35a8baa7239eb3127216b40
SHA512

a5f4ae7d7ef01bea2da79f292a398a4b5f2de89d9e240b5dd3d505ae001a0739e2227b7485d4d46cc586079160a4b6243f24c2709b10f3c691b55ea201d5e967
SSDEEP

3072:KCN845tuG7wVJZDa7taxsg0Nxils60xo4MqqDLy/zed:B8458G7wRDu35NxR602qqDLuc

Score

1^/10

Suspicious use of WriteProcessMemory 7 IoCs

Processes:

rundll32.exe

description	pid	process	target process
PID 2032 wrote to memory of 864	2032	rundll32.exe	rundll32.exe
PID 2032 wrote to memory of 864	2032	rundll32.exe	rundll32.exe
PID 2032 wrote to memory of 864	2032	rundll32.exe	rundll32.exe
PID 2032 wrote to memory of 864	2032	rundll32.exe	rundll32.exe
PID 2032 wrote to memory of 864	2032	rundll32.exe	rundll32.exe
PID 2032 wrote to memory of 864	2032	rundll32.exe	rundll32.exe
PID 2032 wrote to memory of 864	2032	rundll32.exe	rundll32.exe

C:\Windows\system32\rundll32.exe
rundll32.exe C:\Users\Admin\AppData\Local\Temp\48b58de52e1fdb863827e05424440bfe730fb210d35a8baa7239eb3127216b40.dll,#1
1⤵
- Suspicious use of WriteProcessMemory
PID:2032

C:\Windows\SysWOW64\rundll32.exe
rundll32.exe C:\Users\Admin\AppData\Local\Temp\48b58de52e1fdb863827e05424440bfe730fb210d35a8baa7239eb3127216b40.dll,#1
2⤵
PID:864

memory/864-54-0x0000000000000000-mapping.dmp

Download
memory/864-55-0x0000000076261000-0x0000000076263000-memory.dmp

Filesize
8KB

Download
memory/864-56-0x0000000000170000-0x000000000017A000-memory.dmp

Filesize
40KB

Download