327154cb32a9aad108ab9cedb964b01728b0c379cff92681b06251f7ae74b847

Analysis

max time kernel
25s
max time network
49s
platform
windows7_x64
resource
win7-20220812-en
resource tags

arch:x64arch:x86image:win7-20220812-enlocale:en-usos:windows7-x64system
submitted
25-11-2022 21:45

Target

327154cb32a9aad108ab9cedb964b01728b0c379cff92681b06251f7ae74b847.dll
Size

156KB
MD5

388966d7341c886d4ecde2515af4ab52
SHA1

b320df6545481c14b488ec6ecef981950761c51b
SHA256

327154cb32a9aad108ab9cedb964b01728b0c379cff92681b06251f7ae74b847
SHA512

5ebe3e95117ba36b39f859ac2241554ce8768e898711a2d86df7f221bf96eaeba3a27096d379566c439039a2c8d8f34c5aebc7bac8d4678eea4e978bf77c79c9
SSDEEP

3072:w5dMJLz1TQJsUso3IhJB3cQzauDoWkVrRfeunZO:pQGEosGaldfeunA

Score

1^/10

Suspicious use of WriteProcessMemory 7 IoCs

description	pid	Process	procid_target
PID 880 wrote to memory of 916	880	rundll32.exe	28
PID 880 wrote to memory of 916	880	rundll32.exe	28
PID 880 wrote to memory of 916	880	rundll32.exe	28
PID 880 wrote to memory of 916	880	rundll32.exe	28
PID 880 wrote to memory of 916	880	rundll32.exe	28
PID 880 wrote to memory of 916	880	rundll32.exe	28
PID 880 wrote to memory of 916	880	rundll32.exe	28

C:\Windows\system32\rundll32.exe
rundll32.exe C:\Users\Admin\AppData\Local\Temp\327154cb32a9aad108ab9cedb964b01728b0c379cff92681b06251f7ae74b847.dll,#1
1⤵
- Suspicious use of WriteProcessMemory
PID:880
- C:\Windows\SysWOW64\rundll32.exe
  rundll32.exe C:\Users\Admin\AppData\Local\Temp\327154cb32a9aad108ab9cedb964b01728b0c379cff92681b06251f7ae74b847.dll,#1
  2⤵
  PID:916

memory/916-54-0x0000000000000000-mapping.dmp

Download
memory/916-55-0x0000000075831000-0x0000000075833000-memory.dmp

Filesize
8KB

Download