768b2f5ea20eda7e45139cfb3c3d52443d04b5f3b95f08cdc4c3e1b543b646fe

Analysis

max time kernel
45s
max time network
50s
platform
windows7_x64
resource
win7-20220901-en
resource tags

arch:x64arch:x86image:win7-20220901-enlocale:en-usos:windows7-x64system
submitted
02-12-2022 06:34

Target

768b2f5ea20eda7e45139cfb3c3d52443d04b5f3b95f08cdc4c3e1b543b646fe.dll
Size

288KB
MD5

d1f16e97623a7317ebcf2397e3f70601
SHA1

38fd7345286e23491d0d4043b5e7610614c28b23
SHA256

768b2f5ea20eda7e45139cfb3c3d52443d04b5f3b95f08cdc4c3e1b543b646fe
SHA512

87c2735bf9563131c5f8e7c1fe2a981e258760ad77927cb003116d46cda07889f74f680a34f281f7376069727a5e97f67a7840ffd2c9554ea287608b4c12037b
SSDEEP

6144:l8T3jz3WUbZkr53gQif2E6HE5Reio/tYO:l8jHmO+1ofzj5RJEaO

Score

1^/10

Suspicious use of WriteProcessMemory 7 IoCs

Processes:

rundll32.exe

description	pid	process	target process
PID 1324 wrote to memory of 1808	1324	rundll32.exe	rundll32.exe
PID 1324 wrote to memory of 1808	1324	rundll32.exe	rundll32.exe
PID 1324 wrote to memory of 1808	1324	rundll32.exe	rundll32.exe
PID 1324 wrote to memory of 1808	1324	rundll32.exe	rundll32.exe
PID 1324 wrote to memory of 1808	1324	rundll32.exe	rundll32.exe
PID 1324 wrote to memory of 1808	1324	rundll32.exe	rundll32.exe
PID 1324 wrote to memory of 1808	1324	rundll32.exe	rundll32.exe

C:\Windows\system32\rundll32.exe
rundll32.exe C:\Users\Admin\AppData\Local\Temp\768b2f5ea20eda7e45139cfb3c3d52443d04b5f3b95f08cdc4c3e1b543b646fe.dll,#1
1⤵
- Suspicious use of WriteProcessMemory
PID:1324

C:\Windows\SysWOW64\rundll32.exe
rundll32.exe C:\Users\Admin\AppData\Local\Temp\768b2f5ea20eda7e45139cfb3c3d52443d04b5f3b95f08cdc4c3e1b543b646fe.dll,#1
2⤵
PID:1808

memory/1808-54-0x0000000000000000-mapping.dmp

Download
memory/1808-55-0x0000000075AC1000-0x0000000075AC3000-memory.dmp

Filesize
8KB

Download
memory/1808-56-0x00000000750B0000-0x00000000750F8000-memory.dmp

Filesize
288KB

Download
memory/1808-57-0x0000000075060000-0x00000000750A8000-memory.dmp

Filesize
288KB

Download
memory/1808-58-0x00000000750B0000-0x00000000750F8000-memory.dmp

Filesize
288KB

Download
memory/1808-59-0x0000000075060000-0x00000000750A8000-memory.dmp

Filesize
288KB

Download
memory/1808-60-0x0000000075060000-0x0000000075073000-memory.dmp

Filesize
76KB

Download