b478c3156acb002f5b54f34847f40b15283e84399de55c66282bc4e74802b7ed

Analysis

max time kernel
14s
max time network
34s
platform
windows7_x64
resource
win7-20221111-en
resource tags

arch:x64arch:x86image:win7-20221111-enlocale:en-usos:windows7-x64system
submitted
24-11-2022 00:44

Target

b478c3156acb002f5b54f34847f40b15283e84399de55c66282bc4e74802b7ed.dll
Size

4KB
MD5

3904e8c596c4f9d387a7793203c13228
SHA1

5cc7d3b51405bfcbc913daa0ee659f820ece7ab0
SHA256

b478c3156acb002f5b54f34847f40b15283e84399de55c66282bc4e74802b7ed
SHA512

a7f657f3ea56f0e56dd14d89a8c3c624202dbd8a96bf11dff0105ea8a1d70a2ba1f8fd6f226f7ef93f237c8637b43f2f382e57a238cfa5658f41b0e410f4e72d
SSDEEP

48:a5zdM1cSTBg0r27vTuAEKDK2Ke8G4RB3CWq00WH8:PT3r2vu9QK2x4RNZqZ

Score

1^/10

Suspicious use of WriteProcessMemory 7 IoCs

Processes:

rundll32.exe

description	pid	process	target process
PID 1716 wrote to memory of 1688	1716	rundll32.exe	rundll32.exe
PID 1716 wrote to memory of 1688	1716	rundll32.exe	rundll32.exe
PID 1716 wrote to memory of 1688	1716	rundll32.exe	rundll32.exe
PID 1716 wrote to memory of 1688	1716	rundll32.exe	rundll32.exe
PID 1716 wrote to memory of 1688	1716	rundll32.exe	rundll32.exe
PID 1716 wrote to memory of 1688	1716	rundll32.exe	rundll32.exe
PID 1716 wrote to memory of 1688	1716	rundll32.exe	rundll32.exe

C:\Windows\system32\rundll32.exe
rundll32.exe C:\Users\Admin\AppData\Local\Temp\b478c3156acb002f5b54f34847f40b15283e84399de55c66282bc4e74802b7ed.dll,#1
1⤵
- Suspicious use of WriteProcessMemory
PID:1716
- C:\Windows\SysWOW64\rundll32.exe
  rundll32.exe C:\Users\Admin\AppData\Local\Temp\b478c3156acb002f5b54f34847f40b15283e84399de55c66282bc4e74802b7ed.dll,#1
  2⤵
  PID:1688

memory/1688-54-0x0000000000000000-mapping.dmp

Download
memory/1688-55-0x0000000075FF1000-0x0000000075FF3000-memory.dmp

Filesize
8KB

Download