318142d1c350a73e886dc264319b90e319dc81bd921ffd4db73313d89eb88381

Analysis

max time kernel
19s
max time network
33s
platform
windows7_x64
resource
win7-20221111-en
resource tags

arch:x64arch:x86image:win7-20221111-enlocale:en-usos:windows7-x64system
submitted
26-11-2022 04:06

Target

318142d1c350a73e886dc264319b90e319dc81bd921ffd4db73313d89eb88381.dll
Size

92KB
MD5

0eb8fc81bf46bc4335590cc55ac48d61
SHA1

15c6500c0a25ef1bb49a38a2df933d89760b4a9b
SHA256

318142d1c350a73e886dc264319b90e319dc81bd921ffd4db73313d89eb88381
SHA512

0edfd5047dbdc697abd5cc9d4c1d1be1b5de76f020db46ec1862eb07e3008ff6a4fa515580cac6d8dbb2bcfd493c35a5945f377ea2d52db4730126f905856101
SSDEEP

1536:yey7v0e15WPnM2tJjK2SCE58ecuuGsFZD6QXHhAk/tDLeV:yeyr/15eVKbCEBuGsFZDzXBAk/tDLeV

Score

1^/10

Suspicious use of WriteProcessMemory 7 IoCs

Processes:

rundll32.exe

description	pid	process	target process
PID 1788 wrote to memory of 2040	1788	rundll32.exe	rundll32.exe
PID 1788 wrote to memory of 2040	1788	rundll32.exe	rundll32.exe
PID 1788 wrote to memory of 2040	1788	rundll32.exe	rundll32.exe
PID 1788 wrote to memory of 2040	1788	rundll32.exe	rundll32.exe
PID 1788 wrote to memory of 2040	1788	rundll32.exe	rundll32.exe
PID 1788 wrote to memory of 2040	1788	rundll32.exe	rundll32.exe
PID 1788 wrote to memory of 2040	1788	rundll32.exe	rundll32.exe

C:\Windows\system32\rundll32.exe
rundll32.exe C:\Users\Admin\AppData\Local\Temp\318142d1c350a73e886dc264319b90e319dc81bd921ffd4db73313d89eb88381.dll,#1
1⤵
- Suspicious use of WriteProcessMemory
PID:1788

C:\Windows\SysWOW64\rundll32.exe
rundll32.exe C:\Users\Admin\AppData\Local\Temp\318142d1c350a73e886dc264319b90e319dc81bd921ffd4db73313d89eb88381.dll,#1
2⤵
PID:2040

memory/2040-54-0x0000000000000000-mapping.dmp

Download
memory/2040-55-0x0000000076411000-0x0000000076413000-memory.dmp

Filesize
8KB

Download