41066380b0733b27ad405312c2eaabace20660e47827dc6f9e7b8f8cda1b379e

Analysis

max time kernel
3s
max time network
35s
platform
windows7_x64
resource
win7-20221111-en
resource tags

arch:x64arch:x86image:win7-20221111-enlocale:en-usos:windows7-x64system
submitted
28-11-2022 01:05

Target

41066380b0733b27ad405312c2eaabace20660e47827dc6f9e7b8f8cda1b379e.dll
Size

67KB
MD5

40fad1067c477b229a77b6f5d1b705cd
SHA1

36baf350012cdc1a916c9ab9010ee288b72e2f2f
SHA256

41066380b0733b27ad405312c2eaabace20660e47827dc6f9e7b8f8cda1b379e
SHA512

ba75169904c43a734d0aa114a008cdd3a2f9595c85ac8fec48de80d54dedda93cd5cc472747d55f424211e1bb5812420b1ea276414c11a21ea35e6bf4ece61a2
SSDEEP

1536:8nrxDussGn4AAejPC7Mp/c+HJgKKtLhVuDvRP+:y6tV0pk+pgRLPuD5+

Score

1^/10

Suspicious use of WriteProcessMemory 7 IoCs

description	pid	Process	procid_target
PID 736 wrote to memory of 364	736	rundll32.exe	28
PID 736 wrote to memory of 364	736	rundll32.exe	28
PID 736 wrote to memory of 364	736	rundll32.exe	28
PID 736 wrote to memory of 364	736	rundll32.exe	28
PID 736 wrote to memory of 364	736	rundll32.exe	28
PID 736 wrote to memory of 364	736	rundll32.exe	28
PID 736 wrote to memory of 364	736	rundll32.exe	28

C:\Windows\system32\rundll32.exe
rundll32.exe C:\Users\Admin\AppData\Local\Temp\41066380b0733b27ad405312c2eaabace20660e47827dc6f9e7b8f8cda1b379e.dll,#1
1⤵
- Suspicious use of WriteProcessMemory
PID:736
- C:\Windows\SysWOW64\rundll32.exe
  rundll32.exe C:\Users\Admin\AppData\Local\Temp\41066380b0733b27ad405312c2eaabace20660e47827dc6f9e7b8f8cda1b379e.dll,#1
  2⤵
  PID:364

memory/364-54-0x0000000000000000-mapping.dmp

Download
memory/364-55-0x0000000075B61000-0x0000000075B63000-memory.dmp

Filesize
8KB

Download