3b2492b9b9df5e873994ed5914cf2be6fa4be116ca203ef21790a4273f729e64

Analysis

max time kernel
15s
max time network
35s
platform
windows7_x64
resource
win7-20221111-en
resource tags

arch:x64arch:x86image:win7-20221111-enlocale:en-usos:windows7-x64system
submitted
23-11-2022 18:52

Target

3b2492b9b9df5e873994ed5914cf2be6fa4be116ca203ef21790a4273f729e64.dll
Size

135KB
MD5

15429bb8f6066e0f03a26935e3909803
SHA1

88fd56c98a840a8cb98ec6de250473a4c1ff2162
SHA256

3b2492b9b9df5e873994ed5914cf2be6fa4be116ca203ef21790a4273f729e64
SHA512

37c34d2589819ad2aa4e4f988ed31aa57360def2e88051f3317ab0083dc1dab719e28508fd9336d640cd8b06f0c10ceeb4de3920c31095947a52667e9a6ed0a3
SSDEEP

3072:TDJVk6qVZatNPWA7uKY6x06v/AHT/T6JciDmtUSsiJI6:T9Vk6ICPWA7u76xRAHzjiDJuJ

Score

1^/10

Suspicious use of WriteProcessMemory 7 IoCs

Processes:

rundll32.exe

description	pid	process	target process
PID 364 wrote to memory of 1868	364	rundll32.exe	rundll32.exe
PID 364 wrote to memory of 1868	364	rundll32.exe	rundll32.exe
PID 364 wrote to memory of 1868	364	rundll32.exe	rundll32.exe
PID 364 wrote to memory of 1868	364	rundll32.exe	rundll32.exe
PID 364 wrote to memory of 1868	364	rundll32.exe	rundll32.exe
PID 364 wrote to memory of 1868	364	rundll32.exe	rundll32.exe
PID 364 wrote to memory of 1868	364	rundll32.exe	rundll32.exe

C:\Windows\system32\rundll32.exe
rundll32.exe C:\Users\Admin\AppData\Local\Temp\3b2492b9b9df5e873994ed5914cf2be6fa4be116ca203ef21790a4273f729e64.dll,#1
1⤵
- Suspicious use of WriteProcessMemory
PID:364

C:\Windows\SysWOW64\rundll32.exe
rundll32.exe C:\Users\Admin\AppData\Local\Temp\3b2492b9b9df5e873994ed5914cf2be6fa4be116ca203ef21790a4273f729e64.dll,#1
2⤵
PID:1868

memory/1868-54-0x0000000000000000-mapping.dmp

Download
memory/1868-55-0x00000000757E1000-0x00000000757E3000-memory.dmp

Filesize
8KB

Download
memory/1868-56-0x0000000040960000-0x0000000040971000-memory.dmp

Filesize
68KB

Download