f235bcf171a47ad387d8669b4634ef6fef44e3510a27b52b48e0ba5156009856

Analysis

max time kernel
39s
max time network
30s
platform
windows7_x64
resource
win7-20221111-en
resource tags

arch:x64arch:x86image:win7-20221111-enlocale:en-usos:windows7-x64system
submitted
23-11-2022 21:01

Target

f235bcf171a47ad387d8669b4634ef6fef44e3510a27b52b48e0ba5156009856.dll
Size

647KB
MD5

5c91a2bfdeb5bcb27f20cd6fc0e3e24e
SHA1

15dd760011d62eea4d58456cee7c2e9993593d15
SHA256

f235bcf171a47ad387d8669b4634ef6fef44e3510a27b52b48e0ba5156009856
SHA512

d7e6c589c5784d28692668f700271fce24e6492c38218a3b6f2dff793a03c06700f14cbc52a0cedb4fa19b6faf1d4cdaa88fabe73ee60dd700792e90425808d9
SSDEEP

12288:gY4A6Tt8E+RrnxCwfGMwJXTK+9IfwUyBpmbeJJvB7i7:H5mmRQwfB8Tto5yebeJPs

Score

1^/10

Suspicious use of WriteProcessMemory 7 IoCs

Processes:

rundll32.exe

description	pid	process	target process
PID 1776 wrote to memory of 1972	1776	rundll32.exe	rundll32.exe
PID 1776 wrote to memory of 1972	1776	rundll32.exe	rundll32.exe
PID 1776 wrote to memory of 1972	1776	rundll32.exe	rundll32.exe
PID 1776 wrote to memory of 1972	1776	rundll32.exe	rundll32.exe
PID 1776 wrote to memory of 1972	1776	rundll32.exe	rundll32.exe
PID 1776 wrote to memory of 1972	1776	rundll32.exe	rundll32.exe
PID 1776 wrote to memory of 1972	1776	rundll32.exe	rundll32.exe

C:\Windows\system32\rundll32.exe
rundll32.exe C:\Users\Admin\AppData\Local\Temp\f235bcf171a47ad387d8669b4634ef6fef44e3510a27b52b48e0ba5156009856.dll,#1
1⤵
- Suspicious use of WriteProcessMemory
PID:1776
- C:\Windows\SysWOW64\rundll32.exe
  rundll32.exe C:\Users\Admin\AppData\Local\Temp\f235bcf171a47ad387d8669b4634ef6fef44e3510a27b52b48e0ba5156009856.dll,#1
  2⤵
  PID:1972

memory/1972-54-0x0000000000000000-mapping.dmp

Download
memory/1972-55-0x0000000075D61000-0x0000000075D63000-memory.dmp

Filesize
8KB

Download
memory/1972-56-0x0000000000710000-0x00000000007B7000-memory.dmp

Filesize
668KB

Download