d22f59500b921030ba391fed3e0fb4f0747f8cc370d2adeffbaa4f9676df60b5

Analysis

max time kernel
36s
max time network
42s
platform
windows7_x64
resource
win7-20220812-en
resource tags

arch:x64arch:x86image:win7-20220812-enlocale:en-usos:windows7-x64system
submitted
02/12/2022, 22:51

Target

d22f59500b921030ba391fed3e0fb4f0747f8cc370d2adeffbaa4f9676df60b5.dll
Size

20KB
MD5

c956f06adb5f7a553a37f03681b84f72
SHA1

d1229265391ea5ee118d021fedd7cb36c4bee873
SHA256

d22f59500b921030ba391fed3e0fb4f0747f8cc370d2adeffbaa4f9676df60b5
SHA512

8c4bd0693b0fe16921b7a763fc8cdce584a9e6f36c22da75de0615f8a972b355fc2887aff59acae04d2d73b536f9949c6844da465cc451ed47222e949e0675c9
SSDEEP

384:zSG/2Jp+C6QhtmruxCcdIL+0XplcsCAu8UaWHuqaTlX0wG:zfYh2oCtpXPcsx2OqaewG

Score

7^/10

Loads dropped DLL 1 IoCs

pid	Process
1876	rundll32.exe

Suspicious behavior: EnumeratesProcesses 1 IoCs

pid	Process
1876	rundll32.exe

Suspicious use of WriteProcessMemory 7 IoCs

description	pid	Process	procid_target
PID 1044 wrote to memory of 1876	1044	rundll32.exe	27
PID 1044 wrote to memory of 1876	1044	rundll32.exe	27
PID 1044 wrote to memory of 1876	1044	rundll32.exe	27
PID 1044 wrote to memory of 1876	1044	rundll32.exe	27
PID 1044 wrote to memory of 1876	1044	rundll32.exe	27
PID 1044 wrote to memory of 1876	1044	rundll32.exe	27
PID 1044 wrote to memory of 1876	1044	rundll32.exe	27

C:\Windows\system32\rundll32.exe
rundll32.exe C:\Users\Admin\AppData\Local\Temp\d22f59500b921030ba391fed3e0fb4f0747f8cc370d2adeffbaa4f9676df60b5.dll,#1
1⤵
- Suspicious use of WriteProcessMemory
PID:1044
- C:\Windows\SysWOW64\rundll32.exe
  rundll32.exe C:\Users\Admin\AppData\Local\Temp\d22f59500b921030ba391fed3e0fb4f0747f8cc370d2adeffbaa4f9676df60b5.dll,#1
  2⤵
  - Loads dropped DLL
  - Suspicious behavior: EnumeratesProcesses
  PID:1876

\Users\Admin\AppData\Local\Temp\4165.tmp

Filesize
20KB

MD5
cdf6e6b1e601a9a0aec06411c36f1a9c

SHA1
92230671e29fce8655082e58094ffe814fbe7c9e

SHA256
83985f6f9284166f33fb8bfdc5c5982f9074416ba71941ce4aab5d96668203bd

SHA512
6779e9fe14c114e360cd0316370eee81f3669a69a3eefe74d5132459399af5566c838e12eaad9d3a9789ec2bc46f4996d51eff2a3a1f8bd299d4d2ea74ca9b1c

Download Submit
memory/1876-55-0x0000000075C61000-0x0000000075C63000-memory.dmp

Filesize
8KB

Download