dd78205738f7ddefa79e728bf643fcdfd8c0bdd416f2470b054a2cb2290aca9c

Analysis

max time kernel
45s
max time network
49s
platform
windows7_x64
resource
win7-20220901-en
resource tags

arch:x64arch:x86image:win7-20220901-enlocale:en-usos:windows7-x64system
submitted
23-11-2022 19:50

Target

dd78205738f7ddefa79e728bf643fcdfd8c0bdd416f2470b054a2cb2290aca9c.dll
Size

64KB
MD5

3a49b15abd198f4978606440eff9541a
SHA1

2528416c05de56432103b5f9dc7a053cc5e1462b
SHA256

dd78205738f7ddefa79e728bf643fcdfd8c0bdd416f2470b054a2cb2290aca9c
SHA512

d328795c11c7c2d80136b2659fe72d881ff18e6ce5db23706810c96d00163de4d0334416e2fd2bb35db39e660f3962c38e8c0d53437d62be7bee33737a902012
SSDEEP

1536:7NDeEwHHaSFYcAeaThGVsEF5ILNDuFpjgPXAA:7NDPmxLU985YcFpjgPwA

Score

1^/10

Suspicious use of WriteProcessMemory 7 IoCs

description	pid	Process	procid_target
PID 1600 wrote to memory of 1812	1600	rundll32.exe	27
PID 1600 wrote to memory of 1812	1600	rundll32.exe	27
PID 1600 wrote to memory of 1812	1600	rundll32.exe	27
PID 1600 wrote to memory of 1812	1600	rundll32.exe	27
PID 1600 wrote to memory of 1812	1600	rundll32.exe	27
PID 1600 wrote to memory of 1812	1600	rundll32.exe	27
PID 1600 wrote to memory of 1812	1600	rundll32.exe	27

C:\Windows\system32\rundll32.exe
rundll32.exe C:\Users\Admin\AppData\Local\Temp\dd78205738f7ddefa79e728bf643fcdfd8c0bdd416f2470b054a2cb2290aca9c.dll,#1
1⤵
- Suspicious use of WriteProcessMemory
PID:1600
- C:\Windows\SysWOW64\rundll32.exe
  rundll32.exe C:\Users\Admin\AppData\Local\Temp\dd78205738f7ddefa79e728bf643fcdfd8c0bdd416f2470b054a2cb2290aca9c.dll,#1
  2⤵
  PID:1812

memory/1812-55-0x0000000076461000-0x0000000076463000-memory.dmp

Filesize
8KB

Download