8d93ca40aa62fdab0325d7a764c342c12bc23be9b375cd75ad7e2a4fc2460011

Analysis

max time kernel
33s
max time network
47s
platform
windows7_x64
resource
win7-20220812-en
resource tags

arch:x64arch:x86image:win7-20220812-enlocale:en-usos:windows7-x64system
submitted
29-11-2022 17:18

Target

8d93ca40aa62fdab0325d7a764c342c12bc23be9b375cd75ad7e2a4fc2460011.dll
Size

43KB
MD5

0e668465669c151444e02288ebac49b9
SHA1

8ad380eebc1c7638c339d150eb8f849d23d0f3b0
SHA256

8d93ca40aa62fdab0325d7a764c342c12bc23be9b375cd75ad7e2a4fc2460011
SHA512

a0b3d4c341aefcbae5ea06def105df10f897d555a259c3cab6cf655b5118ff74d0de84715014916988684668dff0d57a49f814afde18c0184abe4cb9899b7585
SSDEEP

768:iIXNsHR/TR1mhThMaJcOTedJgsTRgHx7vPnGJsofk3CGn6WCQ0go9TMHN:4R/TR18dMa2OY7yRWsoBm3jopMH

Score

1^/10

Suspicious use of WriteProcessMemory 7 IoCs

description	pid	Process	procid_target
PID 1020 wrote to memory of 1992	1020	rundll32.exe	27
PID 1020 wrote to memory of 1992	1020	rundll32.exe	27
PID 1020 wrote to memory of 1992	1020	rundll32.exe	27
PID 1020 wrote to memory of 1992	1020	rundll32.exe	27
PID 1020 wrote to memory of 1992	1020	rundll32.exe	27
PID 1020 wrote to memory of 1992	1020	rundll32.exe	27
PID 1020 wrote to memory of 1992	1020	rundll32.exe	27

C:\Windows\system32\rundll32.exe
rundll32.exe C:\Users\Admin\AppData\Local\Temp\8d93ca40aa62fdab0325d7a764c342c12bc23be9b375cd75ad7e2a4fc2460011.dll,#1
1⤵
- Suspicious use of WriteProcessMemory
PID:1020
- C:\Windows\SysWOW64\rundll32.exe
  rundll32.exe C:\Users\Admin\AppData\Local\Temp\8d93ca40aa62fdab0325d7a764c342c12bc23be9b375cd75ad7e2a4fc2460011.dll,#1
  2⤵
  PID:1992

memory/1992-54-0x0000000000000000-mapping.dmp

Download
memory/1992-55-0x0000000075571000-0x0000000075573000-memory.dmp

Filesize
8KB

Download