87cc9762dfb54aef9fc01b60e8b45978cd0ba1129f9e6fd0d4de7431533bc42d

Analysis

max time kernel
45s
max time network
49s
platform
windows7_x64
resource
win7-20220901-en
resource tags

arch:x64arch:x86image:win7-20220901-enlocale:en-usos:windows7-x64system
submitted
01-12-2022 02:01

Target

87cc9762dfb54aef9fc01b60e8b45978cd0ba1129f9e6fd0d4de7431533bc42d.dll
Size

73KB
MD5

69dc32023676cd408fa987a1615970e0
SHA1

b0a26eb80528325458dbecf2e40b0adcfe9036e4
SHA256

87cc9762dfb54aef9fc01b60e8b45978cd0ba1129f9e6fd0d4de7431533bc42d
SHA512

78fbc122b77171fd8fa252197d5578164d7c784165f9a1ad66c3cc2e152c788ac2a941018a8ce493228bc84cd63d4068478b444a398242abb39004109012611b
SSDEEP

768:fu3kf4DbqW601Mugm7tyCob/2X2M1n6ru8tL2oVtDL0swkQD4AGyOBk1tCh5s67n:fu3tUGM36yFSgCYLLHDL0s8M35J1GW

Score

5^/10

Drops file in System32 directory 1 IoCs

description	ioc	Process
File created	C:\windows\SysWOW64\p2pc.ini	rundll32.exe

Suspicious use of WriteProcessMemory 7 IoCs

description	pid	Process	procid_target
PID 1104 wrote to memory of 1744	1104	rundll32.exe	27
PID 1104 wrote to memory of 1744	1104	rundll32.exe	27
PID 1104 wrote to memory of 1744	1104	rundll32.exe	27
PID 1104 wrote to memory of 1744	1104	rundll32.exe	27
PID 1104 wrote to memory of 1744	1104	rundll32.exe	27
PID 1104 wrote to memory of 1744	1104	rundll32.exe	27
PID 1104 wrote to memory of 1744	1104	rundll32.exe	27

C:\Windows\system32\rundll32.exe
rundll32.exe C:\Users\Admin\AppData\Local\Temp\87cc9762dfb54aef9fc01b60e8b45978cd0ba1129f9e6fd0d4de7431533bc42d.dll,#1
1⤵
- Suspicious use of WriteProcessMemory
PID:1104
- C:\Windows\SysWOW64\rundll32.exe
  rundll32.exe C:\Users\Admin\AppData\Local\Temp\87cc9762dfb54aef9fc01b60e8b45978cd0ba1129f9e6fd0d4de7431533bc42d.dll,#1
  2⤵
  - Drops file in System32 directory
  PID:1744

memory/1744-54-0x0000000000000000-mapping.dmp

Download
memory/1744-55-0x0000000075BB1000-0x0000000075BB3000-memory.dmp

Filesize
8KB

Download