0ba769bdf9fd673b46a6b8174bfef97dbac3d9912811662f07dfc38085d19943

Analysis

max time kernel
26s
max time network
32s
platform
windows7_x64
resource
win7-20221111-en
resource tags

arch:x64arch:x86image:win7-20221111-enlocale:en-usos:windows7-x64system
submitted
23-11-2022 17:04

Target

0ba769bdf9fd673b46a6b8174bfef97dbac3d9912811662f07dfc38085d19943.dll
Size

345KB
MD5

09a7bf5f41b4e8239501157ac037467d
SHA1

fb4a06d98c001bebbbac2611fbca463bb738e223
SHA256

0ba769bdf9fd673b46a6b8174bfef97dbac3d9912811662f07dfc38085d19943
SHA512

afbc910cdde6ece3b3762c5a0aa825e4d1371ad1cafb3b98653ffec68de80f448f6e6a23d5ef42d26d1b1ff80e50e7d5110dc074f34454be511361045be3d8b1
SSDEEP

6144:eMJOWK4l0wqOVq1cC3dqzKIQ8v7Aw81Ztq:e2OWK4ll7lmIQCn8s

Score

1^/10

Suspicious use of WriteProcessMemory 7 IoCs

Processes:

rundll32.exe

description	pid	process	target process
PID 1228 wrote to memory of 2040	1228	rundll32.exe	rundll32.exe
PID 1228 wrote to memory of 2040	1228	rundll32.exe	rundll32.exe
PID 1228 wrote to memory of 2040	1228	rundll32.exe	rundll32.exe
PID 1228 wrote to memory of 2040	1228	rundll32.exe	rundll32.exe
PID 1228 wrote to memory of 2040	1228	rundll32.exe	rundll32.exe
PID 1228 wrote to memory of 2040	1228	rundll32.exe	rundll32.exe
PID 1228 wrote to memory of 2040	1228	rundll32.exe	rundll32.exe

C:\Windows\system32\rundll32.exe
rundll32.exe C:\Users\Admin\AppData\Local\Temp\0ba769bdf9fd673b46a6b8174bfef97dbac3d9912811662f07dfc38085d19943.dll,#1
1⤵
- Suspicious use of WriteProcessMemory
PID:1228

C:\Windows\SysWOW64\rundll32.exe
rundll32.exe C:\Users\Admin\AppData\Local\Temp\0ba769bdf9fd673b46a6b8174bfef97dbac3d9912811662f07dfc38085d19943.dll,#1
2⤵
PID:2040

memory/2040-54-0x0000000000000000-mapping.dmp

Download
memory/2040-55-0x00000000767F1000-0x00000000767F3000-memory.dmp

Filesize
8KB

Download
memory/2040-56-0x0000000010000000-0x000000001005B000-memory.dmp

Filesize
364KB

Download