f704c1948dabf45a780d2d85c91e14e9c33c1e2daae58ab243beb6fc55b8f464

Analysis

max time kernel
12s
max time network
36s
platform
windows7_x64
resource
win7-20221111-en
resource tags

arch:x64arch:x86image:win7-20221111-enlocale:en-usos:windows7-x64system
submitted
01-12-2022 16:01

Target

f704c1948dabf45a780d2d85c91e14e9c33c1e2daae58ab243beb6fc55b8f464.dll
Size

103KB
MD5

a1a868e461d70ac61f426f37845504fc
SHA1

02b8c880d35bdf7a98516452b82920b2b6c24390
SHA256

f704c1948dabf45a780d2d85c91e14e9c33c1e2daae58ab243beb6fc55b8f464
SHA512

a2a57db046a54b6498783017aea382273eb871ac0cc202962d9e20ea2ff4c35254dba2aa848c19dcf661d71df2b85c9072daf4a63bdc529a926d188f5ecb7068
SSDEEP

1536:IPmWNxhM46jqWiLhPDXuWeSBalEIobbn91VL3B/VOYcm85PafeIy:Ie4YdjL6bfR539f/D85Pafe1

Score

1^/10

Suspicious use of WriteProcessMemory 7 IoCs

description	pid	Process	procid_target
PID 884 wrote to memory of 528	884	rundll32.exe	27
PID 884 wrote to memory of 528	884	rundll32.exe	27
PID 884 wrote to memory of 528	884	rundll32.exe	27
PID 884 wrote to memory of 528	884	rundll32.exe	27
PID 884 wrote to memory of 528	884	rundll32.exe	27
PID 884 wrote to memory of 528	884	rundll32.exe	27
PID 884 wrote to memory of 528	884	rundll32.exe	27

C:\Windows\system32\rundll32.exe
rundll32.exe C:\Users\Admin\AppData\Local\Temp\f704c1948dabf45a780d2d85c91e14e9c33c1e2daae58ab243beb6fc55b8f464.dll,#1
1⤵
- Suspicious use of WriteProcessMemory
PID:884
- C:\Windows\SysWOW64\rundll32.exe
  rundll32.exe C:\Users\Admin\AppData\Local\Temp\f704c1948dabf45a780d2d85c91e14e9c33c1e2daae58ab243beb6fc55b8f464.dll,#1
  2⤵
  PID:528

memory/528-54-0x0000000000000000-mapping.dmp

Download
memory/528-55-0x0000000075DF1000-0x0000000075DF3000-memory.dmp

Filesize
8KB

Download