10fb91a427e5affdf0cc64604da40fc1612b733d4740c8a2cffef6b7c431ed7b

Analysis

max time kernel
41s
max time network
45s
platform
windows7_x64
resource
win7-20220812-en
resource tags

arch:x64arch:x86image:win7-20220812-enlocale:en-usos:windows7-x64system
submitted
23-11-2022 19:06

Target

10fb91a427e5affdf0cc64604da40fc1612b733d4740c8a2cffef6b7c431ed7b.dll
Size

51KB
MD5

43939a0bdeb57f1dd86742947363ecae
SHA1

89947580cd72f555b4894109ed2f77e426193dc2
SHA256

10fb91a427e5affdf0cc64604da40fc1612b733d4740c8a2cffef6b7c431ed7b
SHA512

c17b26fd59cb3a02d46723cdd5056c4a2d32e2213a623e3292d8d4dc280f41b6f6fa0f7a06c7580edfa87da53486266edd3dbe351e8306973f695663099f13a4
SSDEEP

1536:N6d4ylwJeb6hM4YF+gu/1XNhVdjEyWOE:N6d4yCJeb0M4YF+gu9LVdjrWO

Score

1^/10

Suspicious use of WriteProcessMemory 7 IoCs

Processes:

rundll32.exe

description	pid	process	target process
PID 1668 wrote to memory of 836	1668	rundll32.exe	rundll32.exe
PID 1668 wrote to memory of 836	1668	rundll32.exe	rundll32.exe
PID 1668 wrote to memory of 836	1668	rundll32.exe	rundll32.exe
PID 1668 wrote to memory of 836	1668	rundll32.exe	rundll32.exe
PID 1668 wrote to memory of 836	1668	rundll32.exe	rundll32.exe
PID 1668 wrote to memory of 836	1668	rundll32.exe	rundll32.exe
PID 1668 wrote to memory of 836	1668	rundll32.exe	rundll32.exe

C:\Windows\system32\rundll32.exe
rundll32.exe C:\Users\Admin\AppData\Local\Temp\10fb91a427e5affdf0cc64604da40fc1612b733d4740c8a2cffef6b7c431ed7b.dll,#1
1⤵
- Suspicious use of WriteProcessMemory
PID:1668

C:\Windows\SysWOW64\rundll32.exe
rundll32.exe C:\Users\Admin\AppData\Local\Temp\10fb91a427e5affdf0cc64604da40fc1612b733d4740c8a2cffef6b7c431ed7b.dll,#1
2⤵
PID:836

memory/836-54-0x0000000000000000-mapping.dmp

Download
memory/836-55-0x0000000075071000-0x0000000075073000-memory.dmp

Filesize
8KB

Download
memory/836-56-0x0000000010000000-0x0000000010021000-memory.dmp

Filesize
132KB

Download
memory/836-57-0x0000000040960000-0x0000000040971000-memory.dmp

Filesize
68KB

Download