c8433dc6d6bee313341edd44757d63e760452f5552ea0e10af4712a46bcbe1d9

Analysis

max time kernel
42s
max time network
45s
platform
windows7_x64
resource
win7-20220812-en
resource tags

arch:x64arch:x86image:win7-20220812-enlocale:en-usos:windows7-x64system
submitted
01-12-2022 17:52

Target

c8433dc6d6bee313341edd44757d63e760452f5552ea0e10af4712a46bcbe1d9.dll
Size

56KB
MD5

5c01cb6732ac8e090c34268565926d28
SHA1

137e7a226dad3035f5bd0e46841b6873b6cbec33
SHA256

c8433dc6d6bee313341edd44757d63e760452f5552ea0e10af4712a46bcbe1d9
SHA512

dc263fdbe05f07dd3bf147a0e226d3a020533345bbfbe04d96fabaa935e2321fc7648893d44d0088d01a51c3fdbc17a826906fac74eba52536876c868b2e04d8
SSDEEP

768:5KmvW6xaUjnHy6Qlyp+pEFNT5MsnnYhhL7DLXo9Dy8I:0mOwTnHyWp+Sb5NYL/o48

Score

1^/10

Suspicious use of WriteProcessMemory 7 IoCs

description	pid	Process	procid_target
PID 1908 wrote to memory of 1944	1908	rundll32.exe	28
PID 1908 wrote to memory of 1944	1908	rundll32.exe	28
PID 1908 wrote to memory of 1944	1908	rundll32.exe	28
PID 1908 wrote to memory of 1944	1908	rundll32.exe	28
PID 1908 wrote to memory of 1944	1908	rundll32.exe	28
PID 1908 wrote to memory of 1944	1908	rundll32.exe	28
PID 1908 wrote to memory of 1944	1908	rundll32.exe	28

C:\Windows\system32\rundll32.exe
rundll32.exe C:\Users\Admin\AppData\Local\Temp\c8433dc6d6bee313341edd44757d63e760452f5552ea0e10af4712a46bcbe1d9.dll,#1
1⤵
- Suspicious use of WriteProcessMemory
PID:1908
- C:\Windows\SysWOW64\rundll32.exe
  rundll32.exe C:\Users\Admin\AppData\Local\Temp\c8433dc6d6bee313341edd44757d63e760452f5552ea0e10af4712a46bcbe1d9.dll,#1
  2⤵
  PID:1944

memory/1944-54-0x0000000000000000-mapping.dmp

Download
memory/1944-55-0x00000000753C1000-0x00000000753C3000-memory.dmp

Filesize
8KB

Download