f034c424c4ab81d40e56b4400b4f29639a386f120504b93b73ae63c8753188fc

Analysis

max time kernel
47s
max time network
52s
platform
windows7_x64
resource
win7-20220901-en
resource tags

arch:x64arch:x86image:win7-20220901-enlocale:en-usos:windows7-x64system
submitted
24-11-2022 00:41

Target

f034c424c4ab81d40e56b4400b4f29639a386f120504b93b73ae63c8753188fc.dll
Size

6KB
MD5

02036605fe4d127cdbbe7fdf6dbf689b
SHA1

fe31ff0380b1fb2d8c819b80842e00850a4be816
SHA256

f034c424c4ab81d40e56b4400b4f29639a386f120504b93b73ae63c8753188fc
SHA512

1c5b92839846823a0ca383fecbf17ff30236f45276568a88954813bc936761df3e546c006de7ecdec1af2912081e2f73f30bdbd94b698ae87558a8541ccc43c0
SSDEEP

96:nEY2RrF1eqwi4eI0LumN7Vc+xVFG6VaMyV8BKG4vleRW2NF7B:EHRh1epp+

Score

1^/10

Suspicious use of WriteProcessMemory 7 IoCs

description	pid	Process	procid_target
PID 1380 wrote to memory of 1672	1380	rundll32.exe	27
PID 1380 wrote to memory of 1672	1380	rundll32.exe	27
PID 1380 wrote to memory of 1672	1380	rundll32.exe	27
PID 1380 wrote to memory of 1672	1380	rundll32.exe	27
PID 1380 wrote to memory of 1672	1380	rundll32.exe	27
PID 1380 wrote to memory of 1672	1380	rundll32.exe	27
PID 1380 wrote to memory of 1672	1380	rundll32.exe	27

C:\Windows\system32\rundll32.exe
rundll32.exe C:\Users\Admin\AppData\Local\Temp\f034c424c4ab81d40e56b4400b4f29639a386f120504b93b73ae63c8753188fc.dll,#1
1⤵
- Suspicious use of WriteProcessMemory
PID:1380
- C:\Windows\SysWOW64\rundll32.exe
  rundll32.exe C:\Users\Admin\AppData\Local\Temp\f034c424c4ab81d40e56b4400b4f29639a386f120504b93b73ae63c8753188fc.dll,#1
  2⤵
  PID:1672

memory/1672-54-0x0000000000000000-mapping.dmp

Download
memory/1672-55-0x00000000757A1000-0x00000000757A3000-memory.dmp

Filesize
8KB

Download