afc9b70cd588f3d122c063e4fdc54ee37b6e681fd8107707432d78f18ce2f3e8

Analysis

max time kernel
43s
max time network
46s
platform
windows7_x64
resource
win7-20220812-en
resource tags

arch:x64arch:x86image:win7-20220812-enlocale:en-usos:windows7-x64system
submitted
01-12-2022 19:26

Target

afc9b70cd588f3d122c063e4fdc54ee37b6e681fd8107707432d78f18ce2f3e8.dll
Size

232KB
MD5

1f35c1e299d36b6121bac6b6daf3da18
SHA1

d425d5e7f2376e05008314ed8ffe9fafa305b520
SHA256

afc9b70cd588f3d122c063e4fdc54ee37b6e681fd8107707432d78f18ce2f3e8
SHA512

2646ebcdf54c2e655aa158efdac3252934fb39e26e8425581790e7bb602cafb6a0a3f69f55298d6a10712a2c78946a42cb7a7bdbe70246a46a69a28a532263e1
SSDEEP

6144:elcHzRiceytM0AEBLlgFD+wXdDs/gzQxB+:eyzRic60zBLlg9+w2/gExB+

Score

7^/10

Loads dropped DLL 1 IoCs

pid	Process
992	rundll32.exe

Suspicious use of WriteProcessMemory 7 IoCs

description	pid	Process	procid_target
PID 240 wrote to memory of 992	240	rundll32.exe	28
PID 240 wrote to memory of 992	240	rundll32.exe	28
PID 240 wrote to memory of 992	240	rundll32.exe	28
PID 240 wrote to memory of 992	240	rundll32.exe	28
PID 240 wrote to memory of 992	240	rundll32.exe	28
PID 240 wrote to memory of 992	240	rundll32.exe	28
PID 240 wrote to memory of 992	240	rundll32.exe	28

C:\Windows\system32\rundll32.exe
rundll32.exe C:\Users\Admin\AppData\Local\Temp\afc9b70cd588f3d122c063e4fdc54ee37b6e681fd8107707432d78f18ce2f3e8.dll,#1
1⤵
- Suspicious use of WriteProcessMemory
PID:240
- C:\Windows\SysWOW64\rundll32.exe
  rundll32.exe C:\Users\Admin\AppData\Local\Temp\afc9b70cd588f3d122c063e4fdc54ee37b6e681fd8107707432d78f18ce2f3e8.dll,#1
  2⤵
  - Loads dropped DLL
  PID:992

\Users\Admin\AppData\Local\Temp\rbtkmpdjnmgo.dll

Filesize
160KB

MD5
1d7e76e1f2239df3ac2906f58a8ae6a2

SHA1
d2faf2fe676bd591213c420206ca89557e990be7

SHA256
c6338c41859bbc2dc02bd34c25044d0a7f3d08a1fd94403d76e72eea8dba89b1

SHA512
6c9b6441af6546c37cdb794cfadd696a62491fa05cad27e4bfca375f9d23de4e7051889e99965cba73f3963bb3aa7e725f86ab1d669bdff5e932dd88a8889711

Download Submit
memory/992-54-0x0000000000000000-mapping.dmp

Download
memory/992-55-0x0000000075DA1000-0x0000000075DA3000-memory.dmp

Filesize
8KB

Download
memory/992-56-0x0000000010000000-0x0000000010043000-memory.dmp

Filesize
268KB

Download
memory/992-57-0x0000000010000000-0x0000000010043000-memory.dmp

Filesize
268KB

Download
memory/992-59-0x00000000001B0000-0x00000000001DA000-memory.dmp

Filesize
168KB

Download
memory/992-60-0x00000000001B0000-0x00000000001DA000-memory.dmp

Filesize
168KB

Download
memory/992-61-0x0000000010000000-0x0000000010043000-memory.dmp

Filesize
268KB

Download
memory/992-62-0x00000000001B0000-0x00000000001DA000-memory.dmp

Filesize
168KB

Download
memory/992-63-0x00000000001B0000-0x00000000001DA000-memory.dmp

Filesize
168KB

Download