769b2e2738e390e2052d57c56bc1228b95eff7219b80f12a13e44592e45f93a7

Analysis

max time kernel
26s
max time network
33s
platform
windows7_x64
resource
win7-20221111-en
resource tags

arch:x64arch:x86image:win7-20221111-enlocale:en-usos:windows7-x64system
submitted
23-11-2022 18:48

Target

769b2e2738e390e2052d57c56bc1228b95eff7219b80f12a13e44592e45f93a7.dll
Size

119KB
MD5

5eee6d3756b32258cae05c2bdc07905d
SHA1

2000d7bb654b2fc08b492cd2ce0a3bf92a8c86d8
SHA256

769b2e2738e390e2052d57c56bc1228b95eff7219b80f12a13e44592e45f93a7
SHA512

6bfe9434e048a644b5002ab2a960d688b5b076a6526825e154e079d4231a16a769a1f22d03ff700f4fa9cfd77eca31dae24ebee0e59357d7b911cee8c9ef1b59
SSDEEP

3072:0DMC48kC8aHAZcNUkr+8v7Kd/bBo85bo:WM8DgZuUWGBVo8

Score

1^/10

Suspicious use of WriteProcessMemory 7 IoCs

Processes:

rundll32.exe

description	pid	process	target process
PID 1892 wrote to memory of 1896	1892	rundll32.exe	rundll32.exe
PID 1892 wrote to memory of 1896	1892	rundll32.exe	rundll32.exe
PID 1892 wrote to memory of 1896	1892	rundll32.exe	rundll32.exe
PID 1892 wrote to memory of 1896	1892	rundll32.exe	rundll32.exe
PID 1892 wrote to memory of 1896	1892	rundll32.exe	rundll32.exe
PID 1892 wrote to memory of 1896	1892	rundll32.exe	rundll32.exe
PID 1892 wrote to memory of 1896	1892	rundll32.exe	rundll32.exe

C:\Windows\system32\rundll32.exe
rundll32.exe C:\Users\Admin\AppData\Local\Temp\769b2e2738e390e2052d57c56bc1228b95eff7219b80f12a13e44592e45f93a7.dll,#1
1⤵
- Suspicious use of WriteProcessMemory
PID:1892

C:\Windows\SysWOW64\rundll32.exe
rundll32.exe C:\Users\Admin\AppData\Local\Temp\769b2e2738e390e2052d57c56bc1228b95eff7219b80f12a13e44592e45f93a7.dll,#1
2⤵
PID:1896

memory/1896-54-0x0000000000000000-mapping.dmp

Download
memory/1896-55-0x0000000075EC1000-0x0000000075EC3000-memory.dmp

Filesize
8KB

Download
memory/1896-56-0x0000000010000000-0x00000000104F6000-memory.dmp

Filesize
5.0MB

Download