3bc7665a0a7abfb7a909b62bb0fd6eafbb7f4a0de7479f884a5bfb7f31452a84

Analysis

max time kernel
33s
max time network
46s
platform
windows7_x64
resource
win7-20220812-en
resource tags

arch:x64arch:x86image:win7-20220812-enlocale:en-usos:windows7-x64system
submitted
01-12-2022 05:40

Target

3bc7665a0a7abfb7a909b62bb0fd6eafbb7f4a0de7479f884a5bfb7f31452a84.dll
Size

52KB
MD5

f2696df0be7e3f46e94dcc2414f4747e
SHA1

71f1bf1f3e5e261e621ef9e7976a7a4110e8f19f
SHA256

3bc7665a0a7abfb7a909b62bb0fd6eafbb7f4a0de7479f884a5bfb7f31452a84
SHA512

69b5b62fce97152e3814fcf334f438ec9ab96cb8a8a932c019b99283846552607173876e334a2027a3bd4491aa6bb1200da739197a80bef36fb9879c0643a574
SSDEEP

768:7TXGWn459EoM19zjSXrUakJKZDv9bOK5wlJGDrqq2KsXlnqHHiTTryShpn:3ntzSX4adBlCK56UDrqzlqHCTPbn

Score

1^/10

Suspicious use of WriteProcessMemory 7 IoCs

description	pid	Process	procid_target
PID 1020 wrote to memory of 1912	1020	rundll32.exe	27
PID 1020 wrote to memory of 1912	1020	rundll32.exe	27
PID 1020 wrote to memory of 1912	1020	rundll32.exe	27
PID 1020 wrote to memory of 1912	1020	rundll32.exe	27
PID 1020 wrote to memory of 1912	1020	rundll32.exe	27
PID 1020 wrote to memory of 1912	1020	rundll32.exe	27
PID 1020 wrote to memory of 1912	1020	rundll32.exe	27

C:\Windows\system32\rundll32.exe
rundll32.exe C:\Users\Admin\AppData\Local\Temp\3bc7665a0a7abfb7a909b62bb0fd6eafbb7f4a0de7479f884a5bfb7f31452a84.dll,#1
1⤵
- Suspicious use of WriteProcessMemory
PID:1020
- C:\Windows\SysWOW64\rundll32.exe
  rundll32.exe C:\Users\Admin\AppData\Local\Temp\3bc7665a0a7abfb7a909b62bb0fd6eafbb7f4a0de7479f884a5bfb7f31452a84.dll,#1
  2⤵
  PID:1912

memory/1912-54-0x0000000000000000-mapping.dmp

Download
memory/1912-55-0x00000000762D1000-0x00000000762D3000-memory.dmp

Filesize
8KB

Download