e7d899736db8a7a3697b7d1b1b9260ef27507f278b070e8051d9a0973454676f

Analysis

max time kernel
3s
max time network
30s
platform
windows7_x64
resource
win7-20221111-en
resource tags

arch:x64arch:x86image:win7-20221111-enlocale:en-usos:windows7-x64system
submitted
25-11-2022 19:25

Target

e7d899736db8a7a3697b7d1b1b9260ef27507f278b070e8051d9a0973454676f.dll
Size

463KB
MD5

4fcc44f7047a7207004242dfc668eeef
SHA1

41634bc2cecc41907b1e8a6499cb5471215e8b21
SHA256

e7d899736db8a7a3697b7d1b1b9260ef27507f278b070e8051d9a0973454676f
SHA512

537735a775258941e49400521e8b57af3289a3a8210be4bf059a6f2cf41a6f081d31df86021731283e92ff60bf4254520a57dd9541b261e3ff0293f4fff893a0
SSDEEP

6144:bow6oBYWZ8141KE88G2SF3I1bnsKiUjH/aplFwssacHf0NWK3JDejb+smNSlh:D6o6WZ814XNVbsKn4wEcHoWqDejb+b4h

Score

1^/10

Suspicious use of WriteProcessMemory 7 IoCs

Processes:

rundll32.exe

description	pid	process	target process
PID 2032 wrote to memory of 1416	2032	rundll32.exe	rundll32.exe
PID 2032 wrote to memory of 1416	2032	rundll32.exe	rundll32.exe
PID 2032 wrote to memory of 1416	2032	rundll32.exe	rundll32.exe
PID 2032 wrote to memory of 1416	2032	rundll32.exe	rundll32.exe
PID 2032 wrote to memory of 1416	2032	rundll32.exe	rundll32.exe
PID 2032 wrote to memory of 1416	2032	rundll32.exe	rundll32.exe
PID 2032 wrote to memory of 1416	2032	rundll32.exe	rundll32.exe

C:\Windows\system32\rundll32.exe
rundll32.exe C:\Users\Admin\AppData\Local\Temp\e7d899736db8a7a3697b7d1b1b9260ef27507f278b070e8051d9a0973454676f.dll,#1
1⤵
- Suspicious use of WriteProcessMemory
PID:2032

C:\Windows\SysWOW64\rundll32.exe
rundll32.exe C:\Users\Admin\AppData\Local\Temp\e7d899736db8a7a3697b7d1b1b9260ef27507f278b070e8051d9a0973454676f.dll,#1
2⤵
PID:1416

memory/1416-54-0x0000000000000000-mapping.dmp

Download
memory/1416-55-0x00000000767B1000-0x00000000767B3000-memory.dmp

Filesize
8KB

Download
memory/1416-56-0x0000000000340000-0x00000000003BD000-memory.dmp

Filesize
500KB

Download