793ede930f92915968ba038b5627a1917face934e683d9e1c3792ce05cf5228c

Analysis

max time kernel
43s
max time network
46s
platform
windows7_x64
resource
win7-20220812-en
resource tags

arch:x64arch:x86image:win7-20220812-enlocale:en-usos:windows7-x64system
submitted
29-11-2022 06:21

Target

793ede930f92915968ba038b5627a1917face934e683d9e1c3792ce05cf5228c.dll
Size

107KB
MD5

6a27d4ad6713af6f462720b0ac4fe2fd
SHA1

72e7ec6df89e73a3fd1549754ec66f4a4b75a4f7
SHA256

793ede930f92915968ba038b5627a1917face934e683d9e1c3792ce05cf5228c
SHA512

ebeebf65aa0ad4c24f93412d04f97e766b5f33acf747a332e95a4bf304388ca07c15b90409e38c2ed3035cd3db3a7eb09eb9698832b585b6009f14e28ab110e7
SSDEEP

3072:uHxeB8gqjA+V/Dh/SGGCMoqnL6gjB6XXh5Gpsnk:uoB8gq7VbhhlIL6g96Btk

Score

1^/10

Suspicious use of WriteProcessMemory 7 IoCs

Processes:

rundll32.exe

description	pid	process	target process
PID 1444 wrote to memory of 756	1444	rundll32.exe	rundll32.exe
PID 1444 wrote to memory of 756	1444	rundll32.exe	rundll32.exe
PID 1444 wrote to memory of 756	1444	rundll32.exe	rundll32.exe
PID 1444 wrote to memory of 756	1444	rundll32.exe	rundll32.exe
PID 1444 wrote to memory of 756	1444	rundll32.exe	rundll32.exe
PID 1444 wrote to memory of 756	1444	rundll32.exe	rundll32.exe
PID 1444 wrote to memory of 756	1444	rundll32.exe	rundll32.exe

C:\Windows\system32\rundll32.exe
rundll32.exe C:\Users\Admin\AppData\Local\Temp\793ede930f92915968ba038b5627a1917face934e683d9e1c3792ce05cf5228c.dll,#1
1⤵
- Suspicious use of WriteProcessMemory
PID:1444

C:\Windows\SysWOW64\rundll32.exe
rundll32.exe C:\Users\Admin\AppData\Local\Temp\793ede930f92915968ba038b5627a1917face934e683d9e1c3792ce05cf5228c.dll,#1
2⤵
PID:756

memory/756-54-0x0000000000000000-mapping.dmp

Download
memory/756-55-0x0000000075ED1000-0x0000000075ED3000-memory.dmp

Filesize
8KB

Download