c48606669e2c65680c6647319141dc8642fa9ab838f36cff1d66bfeaa3936ee9

Analysis

max time kernel
35s
max time network
45s
platform
windows7_x64
resource
win7-20220812-en
resource tags

arch:x64arch:x86image:win7-20220812-enlocale:en-usos:windows7-x64system
submitted
29-11-2022 16:01

Target

c48606669e2c65680c6647319141dc8642fa9ab838f36cff1d66bfeaa3936ee9.dll
Size

20KB
MD5

2f9918a78ec8485ed7f1b2029b206ae8
SHA1

2a8e8b9bca044b9be24580fae8cccc00ad049d6e
SHA256

c48606669e2c65680c6647319141dc8642fa9ab838f36cff1d66bfeaa3936ee9
SHA512

0d771b4161b9dfbdf9613273ed8d178f3a7db582924efe2331819f73058a3f227b2c33987172a3e798d8448746b7f89fca3d348a4ce0ef861065569e64bb57f1
SSDEEP

384:zSG/2Jp+C6QhtmruxCcdIL+0XpleCAu8UaWHuqaTlX0wG:zfYh2oCtpXPex2OqaewG

Score

7^/10

Loads dropped DLL 1 IoCs

pid	Process
1116	rundll32.exe

Suspicious behavior: EnumeratesProcesses 1 IoCs

pid	Process
1116	rundll32.exe

Suspicious use of WriteProcessMemory 7 IoCs

description	pid	Process	procid_target
PID 1472 wrote to memory of 1116	1472	rundll32.exe	27
PID 1472 wrote to memory of 1116	1472	rundll32.exe	27
PID 1472 wrote to memory of 1116	1472	rundll32.exe	27
PID 1472 wrote to memory of 1116	1472	rundll32.exe	27
PID 1472 wrote to memory of 1116	1472	rundll32.exe	27
PID 1472 wrote to memory of 1116	1472	rundll32.exe	27
PID 1472 wrote to memory of 1116	1472	rundll32.exe	27

C:\Windows\system32\rundll32.exe
rundll32.exe C:\Users\Admin\AppData\Local\Temp\c48606669e2c65680c6647319141dc8642fa9ab838f36cff1d66bfeaa3936ee9.dll,#1
1⤵
- Suspicious use of WriteProcessMemory
PID:1472
- C:\Windows\SysWOW64\rundll32.exe
  rundll32.exe C:\Users\Admin\AppData\Local\Temp\c48606669e2c65680c6647319141dc8642fa9ab838f36cff1d66bfeaa3936ee9.dll,#1
  2⤵
  - Loads dropped DLL
  - Suspicious behavior: EnumeratesProcesses
  PID:1116

\Users\Admin\AppData\Local\Temp\4A69.tmp

Filesize
20KB

MD5
db7b4b11649f621fbe9926dc89dfe0d5

SHA1
58be19b7ba1bdff042c70ee2d31b536117aee17b

SHA256
70df6f98f073f91e2d61ae5555e0f85f8c7924c073d3a11f3be8f1385441ee5d

SHA512
3b387e23d1d8ea3c46b4a69e8d05f7ebdab2148bd1b0275dca7fb18456bafad31c98c86ec594322bee3142486384f25fab1075af97318969dfa767bf28d5d946

Download Submit
memory/1116-55-0x0000000074C11000-0x0000000074C13000-memory.dmp

Filesize
8KB

Download