0b393c115a60eb5e662ebb8e15df726c17756639b8d77505bfd4e0760198c30f

Analysis

max time kernel
46s
max time network
53s
platform
windows7_x64
resource
win7-20220901-en
resource tags

arch:x64arch:x86image:win7-20220901-enlocale:en-usos:windows7-x64system
submitted
23-11-2022 20:35

Target

0b393c115a60eb5e662ebb8e15df726c17756639b8d77505bfd4e0760198c30f.dll
Size

12KB
MD5

5ec6d1a06c142bf769b8c883b4c0af94
SHA1

9df91b84174097d7b3bd24f37085ff4e829d3756
SHA256

0b393c115a60eb5e662ebb8e15df726c17756639b8d77505bfd4e0760198c30f
SHA512

a89b4746a0a5eabb334610c04900c803ea949a14880d542f83c8d428505fdbff814826f0ab333d2dbc43e72122ef626f1d13bff59d979d2a5da629fc485e271c
SSDEEP

384:9fJCpL3o5MS2ZrXt9o5MS2ZhZo5MS2Feo5MS2D:9fWSOjS0SRS8

Score

1^/10

Suspicious use of WriteProcessMemory 7 IoCs

description	pid	Process	procid_target
PID 1328 wrote to memory of 1196	1328	rundll32.exe	27
PID 1328 wrote to memory of 1196	1328	rundll32.exe	27
PID 1328 wrote to memory of 1196	1328	rundll32.exe	27
PID 1328 wrote to memory of 1196	1328	rundll32.exe	27
PID 1328 wrote to memory of 1196	1328	rundll32.exe	27
PID 1328 wrote to memory of 1196	1328	rundll32.exe	27
PID 1328 wrote to memory of 1196	1328	rundll32.exe	27

C:\Windows\system32\rundll32.exe
rundll32.exe C:\Users\Admin\AppData\Local\Temp\0b393c115a60eb5e662ebb8e15df726c17756639b8d77505bfd4e0760198c30f.dll,#1
1⤵
- Suspicious use of WriteProcessMemory
PID:1328
- C:\Windows\SysWOW64\rundll32.exe
  rundll32.exe C:\Users\Admin\AppData\Local\Temp\0b393c115a60eb5e662ebb8e15df726c17756639b8d77505bfd4e0760198c30f.dll,#1
  2⤵
  PID:1196

memory/1196-54-0x0000000000000000-mapping.dmp

Download
memory/1196-55-0x0000000075FE1000-0x0000000075FE3000-memory.dmp

Filesize
8KB

Download
memory/1196-56-0x0000000010000000-0x0000000010003000-memory.dmp

Filesize
12KB

Download
memory/1196-57-0x0000000010000000-0x0000000010003000-memory.dmp

Filesize
12KB

Download