3984236c1cb4fd6976840946cfae424b69c6345714ee99deae2dff75583787fa

Analysis

max time kernel
21s
max time network
46s
platform
windows7_x64
resource
win7-20220812-en
resource tags

arch:x64arch:x86image:win7-20220812-enlocale:en-usos:windows7-x64system
submitted
23-11-2022 14:34

Target

3984236c1cb4fd6976840946cfae424b69c6345714ee99deae2dff75583787fa.dll
Size

186KB
MD5

94eea943f35df0b59477825210e21d9e
SHA1

1c936b6fc359cdd7dd5d8f93652e7b8dd468d46e
SHA256

3984236c1cb4fd6976840946cfae424b69c6345714ee99deae2dff75583787fa
SHA512

f125c1101de54394887c7f13dfb06d538a5ef7e7e4136cbd7b38b63ae4e4c813b30c58517d6dc3dfb2aa584680df114bad78283767c58dc99ae7953c65c6c26a
SSDEEP

3072:wnhMMckC7W2oHLu+B2AHAsDImVe0ucjzkBeM/RFCh+Rz7NdO3rJRWljmlnKrs4HH:wKWCq2oHLuQHAsDRVjJEX/RFCh+Rz7Ny

Score

1^/10

Suspicious use of WriteProcessMemory 7 IoCs

Processes:

rundll32.exe

description	pid	process	target process
PID 1268 wrote to memory of 1636	1268	rundll32.exe	rundll32.exe
PID 1268 wrote to memory of 1636	1268	rundll32.exe	rundll32.exe
PID 1268 wrote to memory of 1636	1268	rundll32.exe	rundll32.exe
PID 1268 wrote to memory of 1636	1268	rundll32.exe	rundll32.exe
PID 1268 wrote to memory of 1636	1268	rundll32.exe	rundll32.exe
PID 1268 wrote to memory of 1636	1268	rundll32.exe	rundll32.exe
PID 1268 wrote to memory of 1636	1268	rundll32.exe	rundll32.exe

C:\Windows\system32\rundll32.exe
rundll32.exe C:\Users\Admin\AppData\Local\Temp\3984236c1cb4fd6976840946cfae424b69c6345714ee99deae2dff75583787fa.dll,#1
1⤵
- Suspicious use of WriteProcessMemory
PID:1268

C:\Windows\SysWOW64\rundll32.exe
rundll32.exe C:\Users\Admin\AppData\Local\Temp\3984236c1cb4fd6976840946cfae424b69c6345714ee99deae2dff75583787fa.dll,#1
2⤵
PID:1636

memory/1636-54-0x0000000000000000-mapping.dmp

Download
memory/1636-55-0x0000000075211000-0x0000000075213000-memory.dmp

Filesize
8KB

Download
memory/1636-56-0x0000000000121000-0x0000000000148000-memory.dmp

Filesize
156KB

Download
memory/1636-57-0x0000000000120000-0x0000000000152000-memory.dmp

Filesize
200KB

Download
memory/1636-58-0x0000000000110000-0x0000000000142000-memory.dmp

Filesize
200KB

Download
memory/1636-59-0x0000000000120000-0x0000000000126000-memory.dmp

Filesize
24KB

Download