81d91812d3ef71aa59d2c486bba5d03ca2fe630bfad0f760c758ff22e0edeb19

Analysis

max time kernel
224s
max time network
334s
platform
windows7_x64
resource
win7-20221111-en
resource tags

arch:x64arch:x86image:win7-20221111-enlocale:en-usos:windows7-x64system
submitted
01-12-2022 02:18

Target

81d91812d3ef71aa59d2c486bba5d03ca2fe630bfad0f760c758ff22e0edeb19.dll
Size

50KB
MD5

0d7212e679b27d7317b1eeddf1dc30f7
SHA1

add38d7f60cb031515318e861b4ceae75072c652
SHA256

81d91812d3ef71aa59d2c486bba5d03ca2fe630bfad0f760c758ff22e0edeb19
SHA512

f5ac338e4639971b7af6d772df37ba443f4913cb843a8be1c4beb3e2ff6ee6b33abff1f02a1c63dc5d070307e01f40fec0ef790ad2b9e4857be3c6985b7238e6
SSDEEP

768:szM2xVVVW4W34c8X6yX0uQOWoMQIwwlVSgu3Bp2y2bUlhafhi5nqEJQLpPtJsK51:V2bDxWMXV+JVSgs27QlYfh6JJQJzhoLs

Score

1^/10

Suspicious use of WriteProcessMemory 7 IoCs

description	pid	Process	procid_target
PID 1032 wrote to memory of 1508	1032	rundll32.exe	28
PID 1032 wrote to memory of 1508	1032	rundll32.exe	28
PID 1032 wrote to memory of 1508	1032	rundll32.exe	28
PID 1032 wrote to memory of 1508	1032	rundll32.exe	28
PID 1032 wrote to memory of 1508	1032	rundll32.exe	28
PID 1032 wrote to memory of 1508	1032	rundll32.exe	28
PID 1032 wrote to memory of 1508	1032	rundll32.exe	28

C:\Windows\system32\rundll32.exe
rundll32.exe C:\Users\Admin\AppData\Local\Temp\81d91812d3ef71aa59d2c486bba5d03ca2fe630bfad0f760c758ff22e0edeb19.dll,#1
1⤵
- Suspicious use of WriteProcessMemory
PID:1032
- C:\Windows\SysWOW64\rundll32.exe
  rundll32.exe C:\Users\Admin\AppData\Local\Temp\81d91812d3ef71aa59d2c486bba5d03ca2fe630bfad0f760c758ff22e0edeb19.dll,#1
  2⤵
  PID:1508

memory/1508-54-0x0000000000000000-mapping.dmp

Download
memory/1508-55-0x0000000074DA1000-0x0000000074DA3000-memory.dmp

Filesize
8KB

Download