7dd5b75f92931e2ebe6fe51929c46d1028c2807d4195bd8b2d6fcd0b8f8d50f4

Analysis

max time kernel
29s
max time network
34s
platform
windows7_x64
resource
win7-20221111-en
resource tags

arch:x64arch:x86image:win7-20221111-enlocale:en-usos:windows7-x64system
submitted
23-11-2022 18:58

Target

7dd5b75f92931e2ebe6fe51929c46d1028c2807d4195bd8b2d6fcd0b8f8d50f4.dll
Size

840KB
MD5

55ada11bf43b3f546ab16739742b1383
SHA1

94b6e6dca01ad19de19d99542514b72517666999
SHA256

7dd5b75f92931e2ebe6fe51929c46d1028c2807d4195bd8b2d6fcd0b8f8d50f4
SHA512

0b53b7e49969ec98e200e1a00265e547cd46663bb4c89ac5a16932f32d5f34e38fc7844f328f609f384dafe6e97f50ddb9efddb73ba036f456cd40525ea31c8b
SSDEEP

24576:SvnImr1gCVYxHnt0NvMveLYHgKn4J9VZrvsyNWAHeKlUUMGgvZT4Ez:QnImr17YxHnt0NvMveL869VZr1NWAOdz

Score

1^/10

Suspicious use of WriteProcessMemory 7 IoCs

Processes:

rundll32.exe

description	pid	process	target process
PID 532 wrote to memory of 2008	532	rundll32.exe	rundll32.exe
PID 532 wrote to memory of 2008	532	rundll32.exe	rundll32.exe
PID 532 wrote to memory of 2008	532	rundll32.exe	rundll32.exe
PID 532 wrote to memory of 2008	532	rundll32.exe	rundll32.exe
PID 532 wrote to memory of 2008	532	rundll32.exe	rundll32.exe
PID 532 wrote to memory of 2008	532	rundll32.exe	rundll32.exe
PID 532 wrote to memory of 2008	532	rundll32.exe	rundll32.exe

C:\Windows\system32\rundll32.exe
rundll32.exe C:\Users\Admin\AppData\Local\Temp\7dd5b75f92931e2ebe6fe51929c46d1028c2807d4195bd8b2d6fcd0b8f8d50f4.dll,#1
1⤵
- Suspicious use of WriteProcessMemory
PID:532

C:\Windows\SysWOW64\rundll32.exe
rundll32.exe C:\Users\Admin\AppData\Local\Temp\7dd5b75f92931e2ebe6fe51929c46d1028c2807d4195bd8b2d6fcd0b8f8d50f4.dll,#1
2⤵
PID:2008

memory/2008-54-0x0000000000000000-mapping.dmp

Download
memory/2008-55-0x00000000754F1000-0x00000000754F3000-memory.dmp

Filesize
8KB

Download
memory/2008-56-0x0000000040100000-0x00000000401D3000-memory.dmp

Filesize
844KB

Download