222f355ba58d8e46bd741c5714c14a243f147dc7c45cccf91716d5fba9ce9413

Analysis

max time kernel
30s
max time network
33s
platform
windows7_x64
resource
win7-20221111-en
resource tags

arch:x64arch:x86image:win7-20221111-enlocale:en-usos:windows7-x64system
submitted
24-11-2022 00:25

Target

222f355ba58d8e46bd741c5714c14a243f147dc7c45cccf91716d5fba9ce9413.dll
Size

17KB
MD5

2d35ff389b821e0689b34296de231df3
SHA1

aa32c3562be2daa3355cc5311ae21d6b76cd37b4
SHA256

222f355ba58d8e46bd741c5714c14a243f147dc7c45cccf91716d5fba9ce9413
SHA512

fa251a126ca5588f11f43a238befd7a0a8cdbf24f574b7eefe40aaada6fef541ecab1438aa172f9b34fa97e05ae65bd51839cf7a1361af0c508b849597317b68
SSDEEP

384:YzR0K8EctHYbcPcJstJYv18hKlcd0Wmz+CYQ99HHN7:YZAtHQuhtJhwcQXxnN7

Score

1^/10

Suspicious use of WriteProcessMemory 7 IoCs

Processes:

rundll32.exe

description	pid	process	target process
PID 1728 wrote to memory of 1720	1728	rundll32.exe	rundll32.exe
PID 1728 wrote to memory of 1720	1728	rundll32.exe	rundll32.exe
PID 1728 wrote to memory of 1720	1728	rundll32.exe	rundll32.exe
PID 1728 wrote to memory of 1720	1728	rundll32.exe	rundll32.exe
PID 1728 wrote to memory of 1720	1728	rundll32.exe	rundll32.exe
PID 1728 wrote to memory of 1720	1728	rundll32.exe	rundll32.exe
PID 1728 wrote to memory of 1720	1728	rundll32.exe	rundll32.exe

C:\Windows\system32\rundll32.exe
rundll32.exe C:\Users\Admin\AppData\Local\Temp\222f355ba58d8e46bd741c5714c14a243f147dc7c45cccf91716d5fba9ce9413.dll,#1
1⤵
- Suspicious use of WriteProcessMemory
PID:1728

C:\Windows\SysWOW64\rundll32.exe
rundll32.exe C:\Users\Admin\AppData\Local\Temp\222f355ba58d8e46bd741c5714c14a243f147dc7c45cccf91716d5fba9ce9413.dll,#1
2⤵
PID:1720

memory/1720-54-0x0000000000000000-mapping.dmp

Download
memory/1720-55-0x0000000076221000-0x0000000076223000-memory.dmp

Filesize
8KB

Download
memory/1720-56-0x0000000000400000-0x000000000040C000-memory.dmp

Filesize
48KB

Download