d06931a69a02b203872198bbccdc0ef3c6b1be34c485877dead39caa92e25878

Analysis

max time kernel
19s
max time network
47s
platform
windows7_x64
resource
win7-20220812-en
resource tags

arch:x64arch:x86image:win7-20220812-enlocale:en-usos:windows7-x64system
submitted
29-11-2022 04:37

Target

d06931a69a02b203872198bbccdc0ef3c6b1be34c485877dead39caa92e25878.dll
Size

4KB
MD5

c70bac4be11fa6b072d385df5d3a3ae0
SHA1

d402a0a95e0c9b264bff06e495e0b741da6cb6e8
SHA256

d06931a69a02b203872198bbccdc0ef3c6b1be34c485877dead39caa92e25878
SHA512

a13cab85b9bcd18f8d20d6ffcce7860202eaea83511c0d45dc68628529e7e699761894321ebc67ca3f8e832b9c8e4a2ccd6d060a9f3e05cfc4c45cc66eaa8266
SSDEEP

48:a5zdM1cSTBg0r27vTuAEKrGdoujby2DJNSQ9i+78NNKkAa/IX/qo:PT3r2vu9eGtjnDJEQYNXAa/I/

Score

1^/10

Suspicious use of WriteProcessMemory 7 IoCs

description	pid	Process	procid_target
PID 1000 wrote to memory of 1696	1000	rundll32.exe	27
PID 1000 wrote to memory of 1696	1000	rundll32.exe	27
PID 1000 wrote to memory of 1696	1000	rundll32.exe	27
PID 1000 wrote to memory of 1696	1000	rundll32.exe	27
PID 1000 wrote to memory of 1696	1000	rundll32.exe	27
PID 1000 wrote to memory of 1696	1000	rundll32.exe	27
PID 1000 wrote to memory of 1696	1000	rundll32.exe	27

C:\Windows\system32\rundll32.exe
rundll32.exe C:\Users\Admin\AppData\Local\Temp\d06931a69a02b203872198bbccdc0ef3c6b1be34c485877dead39caa92e25878.dll,#1
1⤵
- Suspicious use of WriteProcessMemory
PID:1000
- C:\Windows\SysWOW64\rundll32.exe
  rundll32.exe C:\Users\Admin\AppData\Local\Temp\d06931a69a02b203872198bbccdc0ef3c6b1be34c485877dead39caa92e25878.dll,#1
  2⤵
  PID:1696

memory/1696-54-0x0000000000000000-mapping.dmp

Download
memory/1696-55-0x0000000075201000-0x0000000075203000-memory.dmp

Filesize
8KB

Download