02eeed278bae11d9a2afd9293fbdd3fbc12918049f501dd91fc7c653663d95db

Analysis

max time kernel
40s
max time network
46s
platform
windows7_x64
resource
win7-20220812-en
resource tags

arch:x64arch:x86image:win7-20220812-enlocale:en-usos:windows7-x64system
submitted
25-11-2022 22:53

Target

Fotos.dll
Size

908KB
MD5

82f340ab0c2ada41d4b5be7e859db4ce
SHA1

a85ed3d4402d86688043df78c1f8e03959b1847a
SHA256

e599ad6972d8c255028d343ce17b7a3a951f0b88d4c72c423b395b4906b44534
SHA512

bc0b3da4121eb5c45fb93cd40785d13180d27e7a1f8eb7d1a62f9d2f7c526e8e34a35ec4084959acb278774ca160360d661abdebc12cdf0c110465370edf0dab
SSDEEP

12288:/RU+PnumcrlCE4aaQN+CULU52eQMalnTLfNz36VQTwTiJ888888888888W88888P:JEhn4aaQNHaK2eQXpl36VBTi

Score

1^/10

Suspicious use of WriteProcessMemory 7 IoCs

description	pid	Process	procid_target
PID 580 wrote to memory of 1240	580	rundll32.exe	28
PID 580 wrote to memory of 1240	580	rundll32.exe	28
PID 580 wrote to memory of 1240	580	rundll32.exe	28
PID 580 wrote to memory of 1240	580	rundll32.exe	28
PID 580 wrote to memory of 1240	580	rundll32.exe	28
PID 580 wrote to memory of 1240	580	rundll32.exe	28
PID 580 wrote to memory of 1240	580	rundll32.exe	28

C:\Windows\system32\rundll32.exe
rundll32.exe C:\Users\Admin\AppData\Local\Temp\Fotos.dll,#1
1⤵
- Suspicious use of WriteProcessMemory
PID:580
- C:\Windows\SysWOW64\rundll32.exe
  rundll32.exe C:\Users\Admin\AppData\Local\Temp\Fotos.dll,#1
  2⤵
  PID:1240

memory/1240-55-0x0000000075931000-0x0000000075933000-memory.dmp

Filesize
8KB

Download
memory/1240-56-0x0000000000890000-0x000000000097C000-memory.dmp

Filesize
944KB

Download