2238f13df4b8030df3c4dc6c528587cf0a0fcace5c66d54e8bfb4f492000de04

Analysis

max time kernel
237s
max time network
336s
platform
windows7_x64
resource
win7-20221111-en
resource tags

arch:x64arch:x86image:win7-20221111-enlocale:en-usos:windows7-x64system
submitted
29-11-2022 15:08

Target

2238f13df4b8030df3c4dc6c528587cf0a0fcace5c66d54e8bfb4f492000de04.dll
Size

1.3MB
MD5

8a5667fea0602f8c99968ff0488e20db
SHA1

b29a8f2f1106cd21e6596d9248ec23714b016b76
SHA256

2238f13df4b8030df3c4dc6c528587cf0a0fcace5c66d54e8bfb4f492000de04
SHA512

fa54e204e045f0b82ca0e5ca57d7f5c239672c39e68783c3c224d81b74acf19a9a437523b93ccee7468424c0e5ca7592916583b732bd9caa87687af55640b4a4
SSDEEP

24576:ySuhSc+1GPFXxCWDb0OfdXAMYdj1ObWNt1y8CQ2a+YYQjb:Hm+12/DhVAnB19NKf1Qjb

Score

1^/10

Suspicious use of WriteProcessMemory 7 IoCs

Processes:

rundll32.exe

description	pid	process	target process
PID 1184 wrote to memory of 1768	1184	rundll32.exe	rundll32.exe
PID 1184 wrote to memory of 1768	1184	rundll32.exe	rundll32.exe
PID 1184 wrote to memory of 1768	1184	rundll32.exe	rundll32.exe
PID 1184 wrote to memory of 1768	1184	rundll32.exe	rundll32.exe
PID 1184 wrote to memory of 1768	1184	rundll32.exe	rundll32.exe
PID 1184 wrote to memory of 1768	1184	rundll32.exe	rundll32.exe
PID 1184 wrote to memory of 1768	1184	rundll32.exe	rundll32.exe

C:\Windows\system32\rundll32.exe
rundll32.exe C:\Users\Admin\AppData\Local\Temp\2238f13df4b8030df3c4dc6c528587cf0a0fcace5c66d54e8bfb4f492000de04.dll,#1
1⤵
- Suspicious use of WriteProcessMemory
PID:1184

C:\Windows\SysWOW64\rundll32.exe
rundll32.exe C:\Users\Admin\AppData\Local\Temp\2238f13df4b8030df3c4dc6c528587cf0a0fcace5c66d54e8bfb4f492000de04.dll,#1
2⤵
PID:1768

memory/1768-54-0x0000000000000000-mapping.dmp

Download
memory/1768-55-0x0000000074FA1000-0x0000000074FA3000-memory.dmp

Filesize
8KB

Download