270d61c59216be8e81bdacb307c2368891da6c75b7f53735b84e0358e2120bfa

Analysis

max time kernel
45s
max time network
48s
platform
windows7_x64
resource
win7-20220812-en
resource tags

arch:x64arch:x86image:win7-20220812-enlocale:en-usos:windows7-x64system
submitted
23-11-2022 18:51

Target

270d61c59216be8e81bdacb307c2368891da6c75b7f53735b84e0358e2120bfa.dll
Size

10KB
MD5

2dcca2c0cf48002c7cd0e5d0f2b864c2
SHA1

78badf5cc10f7d666bf684e497924d0805bb0e88
SHA256

270d61c59216be8e81bdacb307c2368891da6c75b7f53735b84e0358e2120bfa
SHA512

78feef3a06cbbce69ef5c31727111cdd1cd14c745a7e6d2d5d7d373bf87fd93d03e42cab2f6634a04ab8c9f14d78a7853424f89176b4bde62be1b332d8a794ff
SSDEEP

192:Fw8dHabRDEgtHyl0NSypWak6HVdW3yWak8QjdW3w9wv:ndHad/N20IypWak8dWiWak8EdWN

Score

1^/10

Suspicious use of WriteProcessMemory 7 IoCs

Processes:

rundll32.exe

description	pid	process	target process
PID 1848 wrote to memory of 916	1848	rundll32.exe	rundll32.exe
PID 1848 wrote to memory of 916	1848	rundll32.exe	rundll32.exe
PID 1848 wrote to memory of 916	1848	rundll32.exe	rundll32.exe
PID 1848 wrote to memory of 916	1848	rundll32.exe	rundll32.exe
PID 1848 wrote to memory of 916	1848	rundll32.exe	rundll32.exe
PID 1848 wrote to memory of 916	1848	rundll32.exe	rundll32.exe
PID 1848 wrote to memory of 916	1848	rundll32.exe	rundll32.exe

C:\Windows\system32\rundll32.exe
rundll32.exe C:\Users\Admin\AppData\Local\Temp\270d61c59216be8e81bdacb307c2368891da6c75b7f53735b84e0358e2120bfa.dll,#1
1⤵
- Suspicious use of WriteProcessMemory
PID:1848

C:\Windows\SysWOW64\rundll32.exe
rundll32.exe C:\Users\Admin\AppData\Local\Temp\270d61c59216be8e81bdacb307c2368891da6c75b7f53735b84e0358e2120bfa.dll,#1
2⤵
PID:916

memory/916-54-0x0000000000000000-mapping.dmp

Download
memory/916-55-0x0000000076091000-0x0000000076093000-memory.dmp

Filesize
8KB

Download
memory/916-56-0x000000006DD21000-0x000000006DD23000-memory.dmp

Filesize
8KB

Download