60ea1f7375bdf1e3eb11a4ac5a9045e86ed7a6d3ee39622bc5b13857340cb632

Analysis

max time kernel
239s
max time network
332s
platform
windows7_x64
resource
win7-20221111-en
resource tags

arch:x64arch:x86image:win7-20221111-enlocale:en-usos:windows7-x64system
submitted
01-12-2022 10:19

Target

60ea1f7375bdf1e3eb11a4ac5a9045e86ed7a6d3ee39622bc5b13857340cb632.dll
Size

367KB
MD5

0ffc98ec767f93e0a9cd06a4c95be330
SHA1

adedd82d5b3163903edc3abc238ccd5901208634
SHA256

60ea1f7375bdf1e3eb11a4ac5a9045e86ed7a6d3ee39622bc5b13857340cb632
SHA512

5db3fa85ac13aaef52a5148af25a0466d7eff7f297abac19aee97200be7efd039e6f4d7186d55c112b95c79ba0ed95d554fe1b019925ca77397c1296215f2fe4
SSDEEP

6144:zNZCrlwwWfYfK1cicTUDzmO1AwO1wpefav3y5j36/vgyi7KNTtRlTxy:WJwwWfQK1WOOwpef6638vi7u9A

Score

1^/10

Suspicious use of WriteProcessMemory 7 IoCs

Processes:

rundll32.exe

description	pid	process	target process
PID 752 wrote to memory of 1488	752	rundll32.exe	rundll32.exe
PID 752 wrote to memory of 1488	752	rundll32.exe	rundll32.exe
PID 752 wrote to memory of 1488	752	rundll32.exe	rundll32.exe
PID 752 wrote to memory of 1488	752	rundll32.exe	rundll32.exe
PID 752 wrote to memory of 1488	752	rundll32.exe	rundll32.exe
PID 752 wrote to memory of 1488	752	rundll32.exe	rundll32.exe
PID 752 wrote to memory of 1488	752	rundll32.exe	rundll32.exe

C:\Windows\system32\rundll32.exe
rundll32.exe C:\Users\Admin\AppData\Local\Temp\60ea1f7375bdf1e3eb11a4ac5a9045e86ed7a6d3ee39622bc5b13857340cb632.dll,#1
1⤵
- Suspicious use of WriteProcessMemory
PID:752

C:\Windows\SysWOW64\rundll32.exe
rundll32.exe C:\Users\Admin\AppData\Local\Temp\60ea1f7375bdf1e3eb11a4ac5a9045e86ed7a6d3ee39622bc5b13857340cb632.dll,#1
2⤵
PID:1488

memory/1488-54-0x0000000000000000-mapping.dmp

Download
memory/1488-55-0x0000000075531000-0x0000000075533000-memory.dmp

Filesize
8KB

Download