7e009c351b21f6700c2078ea004417501fa3b22cb2ce536dd9569c0d35a45360

Analysis

max time kernel
27s
max time network
30s
platform
windows7_x64
resource
win7-20221111-en
resource tags

arch:x64arch:x86image:win7-20221111-enlocale:en-usos:windows7-x64system
submitted
23-11-2022 19:04

Target

7e009c351b21f6700c2078ea004417501fa3b22cb2ce536dd9569c0d35a45360.dll
Size

274KB
MD5

346730a882a5963da5e9ecbdee5616e3
SHA1

fb2b836fed15ddcf1b4d67c107b3881fddb527ed
SHA256

7e009c351b21f6700c2078ea004417501fa3b22cb2ce536dd9569c0d35a45360
SHA512

9b9997adc3396fb2e85f449461a91cb56669c4f45f88cb82f2600f46c57d164bd500515e6234870a3a9114c9010a04d566852e79ca063e3c9f9f9155f29d35d5
SSDEEP

6144:IOSjIXo9jPDv5eisvDs8W7s9ZuJrUO//oOqzTzlUK/zNFe5kQn:3549zDUis7s8W7GYAOqWAMiQ

Score

1^/10

Suspicious use of WriteProcessMemory 7 IoCs

Processes:

rundll32.exe

description	pid	process	target process
PID 1144 wrote to memory of 1252	1144	rundll32.exe	rundll32.exe
PID 1144 wrote to memory of 1252	1144	rundll32.exe	rundll32.exe
PID 1144 wrote to memory of 1252	1144	rundll32.exe	rundll32.exe
PID 1144 wrote to memory of 1252	1144	rundll32.exe	rundll32.exe
PID 1144 wrote to memory of 1252	1144	rundll32.exe	rundll32.exe
PID 1144 wrote to memory of 1252	1144	rundll32.exe	rundll32.exe
PID 1144 wrote to memory of 1252	1144	rundll32.exe	rundll32.exe

C:\Windows\system32\rundll32.exe
rundll32.exe C:\Users\Admin\AppData\Local\Temp\7e009c351b21f6700c2078ea004417501fa3b22cb2ce536dd9569c0d35a45360.dll,#1
1⤵
- Suspicious use of WriteProcessMemory
PID:1144

C:\Windows\SysWOW64\rundll32.exe
rundll32.exe C:\Users\Admin\AppData\Local\Temp\7e009c351b21f6700c2078ea004417501fa3b22cb2ce536dd9569c0d35a45360.dll,#1
2⤵
PID:1252

memory/1252-54-0x0000000000000000-mapping.dmp

Download
memory/1252-55-0x0000000075091000-0x0000000075093000-memory.dmp

Filesize
8KB

Download
memory/1252-56-0x00000000736D0000-0x000000007371C000-memory.dmp

Filesize
304KB

Download
memory/1252-57-0x00000000736D1000-0x000000007370F000-memory.dmp

Filesize
248KB

Download