795d02bb21530ca412450da56bed27c34f922c9c6d904829869a7aa5b8b4acb9

Analysis

max time kernel
4s
max time network
34s
platform
windows7_x64
resource
win7-20221111-en
resource tags

arch:x64arch:x86image:win7-20221111-enlocale:en-usos:windows7-x64system
submitted
29-11-2022 06:21

Target

795d02bb21530ca412450da56bed27c34f922c9c6d904829869a7aa5b8b4acb9.dll
Size

518KB
MD5

ee5e4fb9698d1e15f68197675058bea0
SHA1

c67fed0a0b8e04fee575518a26eeb48067c4f986
SHA256

795d02bb21530ca412450da56bed27c34f922c9c6d904829869a7aa5b8b4acb9
SHA512

405672b43e03ee4cebf8ec9469b600df180d129caac162f7515c1aa01850d981b48c4a1db32a796fe03240a4587df789e06248dd2eaca8577fc010d3755e46a0
SSDEEP

12288:2mVHD5733zLPPPPPPPPPPPPPPPPPPPPPPPPPPPPPPfPfPf3fHfffffnfXfPfPPP/:2mVj5733zLPPPPPPPPPPPPPPPPPPPPPH

Score

1^/10

Suspicious use of WriteProcessMemory 7 IoCs

Processes:

rundll32.exe

description	pid	process	target process
PID 2028 wrote to memory of 1992	2028	rundll32.exe	rundll32.exe
PID 2028 wrote to memory of 1992	2028	rundll32.exe	rundll32.exe
PID 2028 wrote to memory of 1992	2028	rundll32.exe	rundll32.exe
PID 2028 wrote to memory of 1992	2028	rundll32.exe	rundll32.exe
PID 2028 wrote to memory of 1992	2028	rundll32.exe	rundll32.exe
PID 2028 wrote to memory of 1992	2028	rundll32.exe	rundll32.exe
PID 2028 wrote to memory of 1992	2028	rundll32.exe	rundll32.exe

C:\Windows\system32\rundll32.exe
rundll32.exe C:\Users\Admin\AppData\Local\Temp\795d02bb21530ca412450da56bed27c34f922c9c6d904829869a7aa5b8b4acb9.dll,#1
1⤵
- Suspicious use of WriteProcessMemory
PID:2028
- C:\Windows\SysWOW64\rundll32.exe
  rundll32.exe C:\Users\Admin\AppData\Local\Temp\795d02bb21530ca412450da56bed27c34f922c9c6d904829869a7aa5b8b4acb9.dll,#1
  2⤵
  PID:1992

memory/1992-54-0x0000000000000000-mapping.dmp

Download
memory/1992-55-0x0000000076651000-0x0000000076653000-memory.dmp

Filesize
8KB

Download
memory/1992-56-0x00000000000C0000-0x00000000000CF000-memory.dmp

Filesize
60KB

Download
memory/1992-57-0x00000000000D0000-0x00000000000DF000-memory.dmp

Filesize
60KB

Download