8e3f11d1ee7b6e732d4157b7d66200ef2b8f664104d59469f5ea7a163e4c94f8

Analysis

max time kernel
42s
max time network
45s
platform
windows7_x64
resource
win7-20220812-en
resource tags

arch:x64arch:x86image:win7-20220812-enlocale:en-usos:windows7-x64system
submitted
29-11-2022 05:36

Target

8e3f11d1ee7b6e732d4157b7d66200ef2b8f664104d59469f5ea7a163e4c94f8.dll
Size

61KB
MD5

e31aa40df1b5be3487b4325b2da9bfb1
SHA1

80f65f72cf8cba22b2407d5f4c1039994b1ac7bf
SHA256

8e3f11d1ee7b6e732d4157b7d66200ef2b8f664104d59469f5ea7a163e4c94f8
SHA512

1bfea1c4e0783bcedb7a894f63bc4a685c6e4151df8d3fbe554119931c0e1873f1d392594d39fdfc2d5bc2f42942a075f4b2dd105b4bf2bdf8d2e953af7df3bc
SSDEEP

1536:i1O18d/qFUB+GDAWCPypxQ1T5BJYBzWLgV5681ntiQ:ik1na+GsWKypxQ19kBz2gL68q

Score

1^/10

Suspicious behavior: EnumeratesProcesses 1 IoCs

pid	Process
1776	rundll32.exe

Suspicious use of WriteProcessMemory 7 IoCs

description	pid	Process	procid_target
PID 1392 wrote to memory of 1776	1392	rundll32.exe	28
PID 1392 wrote to memory of 1776	1392	rundll32.exe	28
PID 1392 wrote to memory of 1776	1392	rundll32.exe	28
PID 1392 wrote to memory of 1776	1392	rundll32.exe	28
PID 1392 wrote to memory of 1776	1392	rundll32.exe	28
PID 1392 wrote to memory of 1776	1392	rundll32.exe	28
PID 1392 wrote to memory of 1776	1392	rundll32.exe	28

C:\Windows\system32\rundll32.exe
rundll32.exe C:\Users\Admin\AppData\Local\Temp\8e3f11d1ee7b6e732d4157b7d66200ef2b8f664104d59469f5ea7a163e4c94f8.dll,#1
1⤵
- Suspicious use of WriteProcessMemory
PID:1392
- C:\Windows\SysWOW64\rundll32.exe
  rundll32.exe C:\Users\Admin\AppData\Local\Temp\8e3f11d1ee7b6e732d4157b7d66200ef2b8f664104d59469f5ea7a163e4c94f8.dll,#1
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:1776

memory/1776-54-0x0000000000000000-mapping.dmp

Download
memory/1776-55-0x0000000075521000-0x0000000075523000-memory.dmp

Filesize
8KB

Download
memory/1776-56-0x0000000010000000-0x0000000010214000-memory.dmp

Filesize
2.1MB

Download
memory/1776-57-0x0000000010000000-0x0000000010214000-memory.dmp

Filesize
2.1MB

Download