79574588204ab06f22ec822a96ec8859f114dcbd0f200b24059827cd3b50e9e8

Analysis

max time kernel
8s
max time network
46s
platform
windows7_x64
resource
win7-20220812-en
resource tags

arch:x64arch:x86image:win7-20220812-enlocale:en-usos:windows7-x64system
submitted
25-11-2022 19:46

Target

79574588204ab06f22ec822a96ec8859f114dcbd0f200b24059827cd3b50e9e8.dll
Size

67KB
MD5

9fe364b483df847c8ce91390e01d6e18
SHA1

ed43b79e045744e463494072b94c97e58b1b5712
SHA256

79574588204ab06f22ec822a96ec8859f114dcbd0f200b24059827cd3b50e9e8
SHA512

2f7546af12944fb84fa0f66ad3f33c00a5f1ad235ef233e220ec4b4dda42b838c6f99b32a071308e8a5538e5d19032dce0ced07b796d3d563a704d8f5506744a
SSDEEP

1536:/mP56G4fEqmbL6IeL5X3j8RLjqrzdVKy20rzrv0ui:/mUGnbeIeL5HIljEnD20rvv0ui

Score

1^/10

Suspicious use of WriteProcessMemory 7 IoCs

Processes:

rundll32.exe

description	pid	process	target process
PID 2040 wrote to memory of 844	2040	rundll32.exe	rundll32.exe
PID 2040 wrote to memory of 844	2040	rundll32.exe	rundll32.exe
PID 2040 wrote to memory of 844	2040	rundll32.exe	rundll32.exe
PID 2040 wrote to memory of 844	2040	rundll32.exe	rundll32.exe
PID 2040 wrote to memory of 844	2040	rundll32.exe	rundll32.exe
PID 2040 wrote to memory of 844	2040	rundll32.exe	rundll32.exe
PID 2040 wrote to memory of 844	2040	rundll32.exe	rundll32.exe

C:\Windows\system32\rundll32.exe
rundll32.exe C:\Users\Admin\AppData\Local\Temp\79574588204ab06f22ec822a96ec8859f114dcbd0f200b24059827cd3b50e9e8.dll,#1
1⤵
- Suspicious use of WriteProcessMemory
PID:2040

C:\Windows\SysWOW64\rundll32.exe
rundll32.exe C:\Users\Admin\AppData\Local\Temp\79574588204ab06f22ec822a96ec8859f114dcbd0f200b24059827cd3b50e9e8.dll,#1
2⤵
PID:844

memory/844-54-0x0000000000000000-mapping.dmp

Download
memory/844-55-0x00000000762F1000-0x00000000762F3000-memory.dmp

Filesize
8KB

Download