729df2bbc3c36741ca383d255f8b695bef72888045f13057b562f98ccb55b0e2

Analysis

max time kernel
43s
max time network
49s
platform
windows7_x64
resource
win7-20220901-en
resource tags

arch:x64arch:x86image:win7-20220901-enlocale:en-usos:windows7-x64system
submitted
29-11-2022 04:54

Target

729df2bbc3c36741ca383d255f8b695bef72888045f13057b562f98ccb55b0e2.dll
Size

4KB
MD5

7d521f6dcc862b3847e4c47e52f1fbb0
SHA1

61138652872fa5b52936198555bca16688da6092
SHA256

729df2bbc3c36741ca383d255f8b695bef72888045f13057b562f98ccb55b0e2
SHA512

5e8014bebe1ae86e5b196d3e9f4ff6e3eb76fd255f92d57d689c9f98e89efe04e2bbdd00709b44027be211e35c93a1a700f43a6de926ef32320bd43f47575696
SSDEEP

48:a5zdM1cSTBg0r27vTuAEKEwnTqBlUvcrdxdWL4PFyfOs+Ss9+kjjo:PT3r2vu9TwTrcrdxdiL+9dj0

Score

1^/10

Suspicious use of WriteProcessMemory 7 IoCs

description	pid	Process	procid_target
PID 1436 wrote to memory of 1732	1436	rundll32.exe	27
PID 1436 wrote to memory of 1732	1436	rundll32.exe	27
PID 1436 wrote to memory of 1732	1436	rundll32.exe	27
PID 1436 wrote to memory of 1732	1436	rundll32.exe	27
PID 1436 wrote to memory of 1732	1436	rundll32.exe	27
PID 1436 wrote to memory of 1732	1436	rundll32.exe	27
PID 1436 wrote to memory of 1732	1436	rundll32.exe	27

C:\Windows\system32\rundll32.exe
rundll32.exe C:\Users\Admin\AppData\Local\Temp\729df2bbc3c36741ca383d255f8b695bef72888045f13057b562f98ccb55b0e2.dll,#1
1⤵
- Suspicious use of WriteProcessMemory
PID:1436
- C:\Windows\SysWOW64\rundll32.exe
  rundll32.exe C:\Users\Admin\AppData\Local\Temp\729df2bbc3c36741ca383d255f8b695bef72888045f13057b562f98ccb55b0e2.dll,#1
  2⤵
  PID:1732

memory/1732-54-0x0000000000000000-mapping.dmp

Download
memory/1732-55-0x0000000075711000-0x0000000075713000-memory.dmp

Filesize
8KB

Download