d7b6cf19e24f51e1dce2c4504460ec9d6c561e7317c9afefbdf51a5c44f44ac6

Analysis

max time kernel
11s
max time network
31s
platform
windows7_x64
resource
win7-20221111-en
resource tags

arch:x64arch:x86image:win7-20221111-enlocale:en-usos:windows7-x64system
submitted
25-11-2022 12:34

Target

d7b6cf19e24f51e1dce2c4504460ec9d6c561e7317c9afefbdf51a5c44f44ac6.dll
Size

524KB
MD5

5aaff2584315f689af917fc69fa83bf5
SHA1

d28cdc9588c902d67d375f723f7163eedb1ea857
SHA256

d7b6cf19e24f51e1dce2c4504460ec9d6c561e7317c9afefbdf51a5c44f44ac6
SHA512

016a845abd7e28b3e588d5dae74ee4a6541715fa21ebcc54897d1ba10b18d4e60887081b53b4014d66fcca97635cafc3e133461f59cf29162bde46a2c3aff07b
SSDEEP

12288:IvI07twZhHJguO9Xns3gy4dk+PZYDpidR97R6q7:bsQHJguO9XnXy4kuKdaR6C

Score

1^/10

Suspicious use of WriteProcessMemory 7 IoCs

Processes:

rundll32.exe

description	pid	process	target process
PID 1356 wrote to memory of 1360	1356	rundll32.exe	rundll32.exe
PID 1356 wrote to memory of 1360	1356	rundll32.exe	rundll32.exe
PID 1356 wrote to memory of 1360	1356	rundll32.exe	rundll32.exe
PID 1356 wrote to memory of 1360	1356	rundll32.exe	rundll32.exe
PID 1356 wrote to memory of 1360	1356	rundll32.exe	rundll32.exe
PID 1356 wrote to memory of 1360	1356	rundll32.exe	rundll32.exe
PID 1356 wrote to memory of 1360	1356	rundll32.exe	rundll32.exe

C:\Windows\system32\rundll32.exe
rundll32.exe C:\Users\Admin\AppData\Local\Temp\d7b6cf19e24f51e1dce2c4504460ec9d6c561e7317c9afefbdf51a5c44f44ac6.dll,#1
1⤵
- Suspicious use of WriteProcessMemory
PID:1356

C:\Windows\SysWOW64\rundll32.exe
rundll32.exe C:\Users\Admin\AppData\Local\Temp\d7b6cf19e24f51e1dce2c4504460ec9d6c561e7317c9afefbdf51a5c44f44ac6.dll,#1
2⤵
PID:1360

memory/1360-54-0x0000000000000000-mapping.dmp

Download
memory/1360-55-0x0000000075091000-0x0000000075093000-memory.dmp

Filesize
8KB

Download
memory/1360-56-0x0000000000300000-0x000000000038D000-memory.dmp

Filesize
564KB

Download