0d4c0e1e7256f772f1b10293b4e335df7e33cb13d0f2735d526b4ddf82cb2875

Analysis

max time kernel
41s
max time network
47s
platform
windows7_x64
resource
win7-20220812-en
resource tags

arch:x64arch:x86image:win7-20220812-enlocale:en-usos:windows7-x64system
submitted
23-11-2022 17:22

Target

0d4c0e1e7256f772f1b10293b4e335df7e33cb13d0f2735d526b4ddf82cb2875.dll
Size

30KB
MD5

1a1d4911d5d64ac62a0054502ca340b2
SHA1

2784280d3138a5b664062f58de4dc446eb87cd84
SHA256

0d4c0e1e7256f772f1b10293b4e335df7e33cb13d0f2735d526b4ddf82cb2875
SHA512

1fc95c08182f272086eda3ee565d727cda001fe391863ffc63ae63c0526cfb568532d8b2e83397f4e398039c27f65f8c1e7bdc9693efc1a86b341d229f111ce7
SSDEEP

384:IqJs5yqusFWtRCcH4DcjZGsXVVbRKdPg0uQEuwb5rKgKMKJCmkLv3jPH/OfGlSTs:IBuss8efsub83LJC33jOfOSPyK

Score

1^/10

Suspicious use of WriteProcessMemory 7 IoCs

Processes:

rundll32.exe

description	pid	process	target process
PID 1488 wrote to memory of 964	1488	rundll32.exe	rundll32.exe
PID 1488 wrote to memory of 964	1488	rundll32.exe	rundll32.exe
PID 1488 wrote to memory of 964	1488	rundll32.exe	rundll32.exe
PID 1488 wrote to memory of 964	1488	rundll32.exe	rundll32.exe
PID 1488 wrote to memory of 964	1488	rundll32.exe	rundll32.exe
PID 1488 wrote to memory of 964	1488	rundll32.exe	rundll32.exe
PID 1488 wrote to memory of 964	1488	rundll32.exe	rundll32.exe

C:\Windows\system32\rundll32.exe
rundll32.exe C:\Users\Admin\AppData\Local\Temp\0d4c0e1e7256f772f1b10293b4e335df7e33cb13d0f2735d526b4ddf82cb2875.dll,#1
1⤵
- Suspicious use of WriteProcessMemory
PID:1488

C:\Windows\SysWOW64\rundll32.exe
rundll32.exe C:\Users\Admin\AppData\Local\Temp\0d4c0e1e7256f772f1b10293b4e335df7e33cb13d0f2735d526b4ddf82cb2875.dll,#1
2⤵
PID:964

memory/964-54-0x0000000000000000-mapping.dmp

Download
memory/964-55-0x0000000074AB1000-0x0000000074AB3000-memory.dmp

Filesize
8KB

Download
memory/964-56-0x0000000010000000-0x000000001000B000-memory.dmp

Filesize
44KB

Download