1c04230b6bb8fc5ce76b027405aa5fc35d90084664e0944b656edabffc8535a8

Analysis

max time kernel
46s
max time network
52s
platform
windows7_x64
resource
win7-20220901-en
resource tags

arch:x64arch:x86image:win7-20220901-enlocale:en-usos:windows7-x64system
submitted
29/11/2022, 10:33

Target

1c04230b6bb8fc5ce76b027405aa5fc35d90084664e0944b656edabffc8535a8.dll
Size

52KB
MD5

35b114497c7e1293be908917cf505f60
SHA1

c1f46692b50d724707e949996f8d3223a07cd312
SHA256

1c04230b6bb8fc5ce76b027405aa5fc35d90084664e0944b656edabffc8535a8
SHA512

a7cc08f4b3ded38de31b8e5a58c89519d5c3abcf2778d2b1ec6521bf64ac60bbcf45046e185b19e8e6cb6145b45c226260575ae678b4927f5f1fd4d2b1b1ea42
SSDEEP

1536:xnpPKGn9p30VmCpqsc4gxBGHh/yQCneR7:BT9pEVmaqsGQB/yNeR7

Score

1^/10

Suspicious use of WriteProcessMemory 7 IoCs

description	pid	Process	procid_target
PID 1768 wrote to memory of 1112	1768	rundll32.exe	27
PID 1768 wrote to memory of 1112	1768	rundll32.exe	27
PID 1768 wrote to memory of 1112	1768	rundll32.exe	27
PID 1768 wrote to memory of 1112	1768	rundll32.exe	27
PID 1768 wrote to memory of 1112	1768	rundll32.exe	27
PID 1768 wrote to memory of 1112	1768	rundll32.exe	27
PID 1768 wrote to memory of 1112	1768	rundll32.exe	27

C:\Windows\system32\rundll32.exe
rundll32.exe C:\Users\Admin\AppData\Local\Temp\1c04230b6bb8fc5ce76b027405aa5fc35d90084664e0944b656edabffc8535a8.dll,#1
1⤵
- Suspicious use of WriteProcessMemory
PID:1768
- C:\Windows\SysWOW64\rundll32.exe
  rundll32.exe C:\Users\Admin\AppData\Local\Temp\1c04230b6bb8fc5ce76b027405aa5fc35d90084664e0944b656edabffc8535a8.dll,#1
  2⤵
  PID:1112

memory/1112-55-0x0000000076961000-0x0000000076963000-memory.dmp

Filesize
8KB

Download