a0862dfb83d927119ac4ded2f9159e5307bcbb3be13aff08076c509aed806447

Analysis

max time kernel
23s
max time network
28s
platform
windows7_x64
resource
win7-20221111-en
resource tags

arch:x64arch:x86image:win7-20221111-enlocale:en-usos:windows7-x64system
submitted
24-11-2022 08:12

Target

AntiVC.dll
Size

47KB
MD5

ed0c74815e4d0c37563d89c7af54f2cc
SHA1

f12d4e876740769fe8c81fa421827140c8a0cf4e
SHA256

f07eb8723995cf5c90bad1a3fa3bc6419dad3952f238413c9b62d1f8ef292945
SHA512

0bccb938bca4f4546879119d81a2e7fe88552f87ab7e3cdfe7b70cd7bbcd847a607ff9e4423448e6bd87ffb901780041ad4fae1261ae7adbece53654935fc4ab
SSDEEP

768:iaxaL4XsKTYnbdofZpyBXStk4OJ5dIuUCy/s724bMMzxTnefg7hWyfew420pIOTc:x/XsDufXOXck4ODSCyUS4r9Tefg7aWSU

Score

1^/10

Suspicious use of WriteProcessMemory 7 IoCs

Processes:

rundll32.exe

description	pid	process	target process
PID 1684 wrote to memory of 1552	1684	rundll32.exe	rundll32.exe
PID 1684 wrote to memory of 1552	1684	rundll32.exe	rundll32.exe
PID 1684 wrote to memory of 1552	1684	rundll32.exe	rundll32.exe
PID 1684 wrote to memory of 1552	1684	rundll32.exe	rundll32.exe
PID 1684 wrote to memory of 1552	1684	rundll32.exe	rundll32.exe
PID 1684 wrote to memory of 1552	1684	rundll32.exe	rundll32.exe
PID 1684 wrote to memory of 1552	1684	rundll32.exe	rundll32.exe

C:\Windows\system32\rundll32.exe
rundll32.exe C:\Users\Admin\AppData\Local\Temp\AntiVC.dll,#1
1⤵
- Suspicious use of WriteProcessMemory
PID:1684

C:\Windows\SysWOW64\rundll32.exe
rundll32.exe C:\Users\Admin\AppData\Local\Temp\AntiVC.dll,#1
2⤵
PID:1552

memory/1552-54-0x0000000000000000-mapping.dmp

Download
memory/1552-55-0x0000000075781000-0x0000000075783000-memory.dmp

Filesize
8KB

Download