d1bcc224c7ceebd28f644d4ebc29e8d459ad1a95d02b84d3409db277bf62cde8

Analysis

max time kernel
42s
max time network
46s
platform
windows7_x64
resource
win7-20220812-en
resource tags

arch:x64arch:x86image:win7-20220812-enlocale:en-usos:windows7-x64system
submitted
25-11-2022 07:01

Target

d1bcc224c7ceebd28f644d4ebc29e8d459ad1a95d02b84d3409db277bf62cde8.dll
Size

416KB
MD5

794a6874ce8a64801936071b2f8bf524
SHA1

2f5103b739c59b2f97e4f574e8008eb47cdf78f4
SHA256

d1bcc224c7ceebd28f644d4ebc29e8d459ad1a95d02b84d3409db277bf62cde8
SHA512

996eb5c22a7c92288aaa3664a43511b92c05dbd095e69db1c2cd07e683d40b10c66a15f0cd79d4523d5a8fae007dd7a83a2ac75b522329007ebef4552a2ba72d
SSDEEP

12288:nl6PZwcJ05yalVvrsHsUcACu63RXn0dAbp1:l6hw+dalVvwMBACu0Mgp

Score

1^/10

Suspicious use of WriteProcessMemory 7 IoCs

Processes:

rundll32.exe

description	pid	process	target process
PID 1048 wrote to memory of 540	1048	rundll32.exe	rundll32.exe
PID 1048 wrote to memory of 540	1048	rundll32.exe	rundll32.exe
PID 1048 wrote to memory of 540	1048	rundll32.exe	rundll32.exe
PID 1048 wrote to memory of 540	1048	rundll32.exe	rundll32.exe
PID 1048 wrote to memory of 540	1048	rundll32.exe	rundll32.exe
PID 1048 wrote to memory of 540	1048	rundll32.exe	rundll32.exe
PID 1048 wrote to memory of 540	1048	rundll32.exe	rundll32.exe

C:\Windows\system32\rundll32.exe
rundll32.exe C:\Users\Admin\AppData\Local\Temp\d1bcc224c7ceebd28f644d4ebc29e8d459ad1a95d02b84d3409db277bf62cde8.dll,#1
1⤵
- Suspicious use of WriteProcessMemory
PID:1048

C:\Windows\SysWOW64\rundll32.exe
rundll32.exe C:\Users\Admin\AppData\Local\Temp\d1bcc224c7ceebd28f644d4ebc29e8d459ad1a95d02b84d3409db277bf62cde8.dll,#1
2⤵
PID:540

memory/540-54-0x0000000000000000-mapping.dmp

Download
memory/540-55-0x0000000076171000-0x0000000076173000-memory.dmp

Filesize
8KB

Download
memory/540-56-0x0000000000750000-0x00000000007C0000-memory.dmp

Filesize
448KB

Download