b9a131fd46c639665e94401a0222876f7a1afa3f8cebf4e15b49fcc0862745f4

Analysis

max time kernel
41s
max time network
31s
platform
windows7_x64
resource
win7-20221111-en
resource tags

arch:x64arch:x86image:win7-20221111-enlocale:en-usos:windows7-x64system
submitted
23-11-2022 17:03

Target

b9a131fd46c639665e94401a0222876f7a1afa3f8cebf4e15b49fcc0862745f4.dll
Size

280KB
MD5

44e9e1483b03cb43f60fbd1477a2e951
SHA1

490cdacb864b8f35f4fa2f763c165b5c292a00df
SHA256

b9a131fd46c639665e94401a0222876f7a1afa3f8cebf4e15b49fcc0862745f4
SHA512

f5798ab5898864e088870ca33c67605f81a4a1804c3984648c5c4917dae5d18df4e1c717345b9f5c7cf09a1417cf5e8b79aa04925c9de375280f83819ad5bd42
SSDEEP

3072:VPTtF58B5rFg6ZgqShStGVELDa+AP39jTc67MlYMY7nVcWsLFqrb68JFXBwy4gSM:BTtFoStMtnDIrSY37nns5qrm8J5Bb8M

Score

1^/10

Suspicious use of WriteProcessMemory 7 IoCs

Processes:

rundll32.exe

description	pid	process	target process
PID 276 wrote to memory of 948	276	rundll32.exe	rundll32.exe
PID 276 wrote to memory of 948	276	rundll32.exe	rundll32.exe
PID 276 wrote to memory of 948	276	rundll32.exe	rundll32.exe
PID 276 wrote to memory of 948	276	rundll32.exe	rundll32.exe
PID 276 wrote to memory of 948	276	rundll32.exe	rundll32.exe
PID 276 wrote to memory of 948	276	rundll32.exe	rundll32.exe
PID 276 wrote to memory of 948	276	rundll32.exe	rundll32.exe

C:\Windows\system32\rundll32.exe
rundll32.exe C:\Users\Admin\AppData\Local\Temp\b9a131fd46c639665e94401a0222876f7a1afa3f8cebf4e15b49fcc0862745f4.dll,#1
1⤵
- Suspicious use of WriteProcessMemory
PID:276

C:\Windows\SysWOW64\rundll32.exe
rundll32.exe C:\Users\Admin\AppData\Local\Temp\b9a131fd46c639665e94401a0222876f7a1afa3f8cebf4e15b49fcc0862745f4.dll,#1
2⤵
PID:948

memory/948-54-0x0000000000000000-mapping.dmp

Download
memory/948-55-0x0000000074D71000-0x0000000074D73000-memory.dmp

Filesize
8KB

Download
memory/948-56-0x0000000067950000-0x0000000067996000-memory.dmp

Filesize
280KB

Download
memory/948-57-0x0000000067950000-0x0000000067996000-memory.dmp

Filesize
280KB

Download