842f0cfab05b582ca167260950836660a192d020f874735387870822de95395c

Analysis

max time kernel
42s
max time network
46s
platform
windows7_x64
resource
win7-20220812-en
resource tags

arch:x64arch:x86image:win7-20220812-enlocale:en-usos:windows7-x64system
submitted
23-11-2022 17:09

Target

842f0cfab05b582ca167260950836660a192d020f874735387870822de95395c.dll
Size

10KB
MD5

53aa168efba1d8e00d34e108e163a3d8
SHA1

af78ca99f6a63c21174c04ba8729045cf2e5744a
SHA256

842f0cfab05b582ca167260950836660a192d020f874735387870822de95395c
SHA512

4ece70761bf0448f063d77d565c27b51ef4bbb731efea21eb317bbb9935f184af59d881239a2d859c1535ffd9b159e17df450ae320023ba5793ba7ddbc00c257
SSDEEP

192:Sw8dHabRDEgtHyl0NSypWak6HVdW3yWak8QjdW3w92b9:6dHad/N20IypWak8dWiWak8EdW7R

Score

1^/10

Suspicious use of WriteProcessMemory 7 IoCs

Processes:

rundll32.exe

description	pid	process	target process
PID 1264 wrote to memory of 1788	1264	rundll32.exe	rundll32.exe
PID 1264 wrote to memory of 1788	1264	rundll32.exe	rundll32.exe
PID 1264 wrote to memory of 1788	1264	rundll32.exe	rundll32.exe
PID 1264 wrote to memory of 1788	1264	rundll32.exe	rundll32.exe
PID 1264 wrote to memory of 1788	1264	rundll32.exe	rundll32.exe
PID 1264 wrote to memory of 1788	1264	rundll32.exe	rundll32.exe
PID 1264 wrote to memory of 1788	1264	rundll32.exe	rundll32.exe

C:\Windows\system32\rundll32.exe
rundll32.exe C:\Users\Admin\AppData\Local\Temp\842f0cfab05b582ca167260950836660a192d020f874735387870822de95395c.dll,#1
1⤵
- Suspicious use of WriteProcessMemory
PID:1264

C:\Windows\SysWOW64\rundll32.exe
rundll32.exe C:\Users\Admin\AppData\Local\Temp\842f0cfab05b582ca167260950836660a192d020f874735387870822de95395c.dll,#1
2⤵
PID:1788

memory/1788-54-0x0000000000000000-mapping.dmp

Download
memory/1788-55-0x0000000076711000-0x0000000076713000-memory.dmp

Filesize
8KB

Download
memory/1788-56-0x000000006DD21000-0x000000006DD23000-memory.dmp

Filesize
8KB

Download