389df0cfdb005ab1beeb716c95919d88d1b960b509cd67a97ee9da378edea83d

Analysis

max time kernel
42s
max time network
46s
platform
windows7_x64
resource
win7-20220901-en
resource tags

arch:x64arch:x86image:win7-20220901-enlocale:en-usos:windows7-x64system
submitted
02-12-2022 19:25

Target

389df0cfdb005ab1beeb716c95919d88d1b960b509cd67a97ee9da378edea83d.dll
Size

52KB
MD5

7326ec26804cb9449f5d96300d64edc0
SHA1

779ce0a9a79a28c6ff415ff958527c48487ea808
SHA256

389df0cfdb005ab1beeb716c95919d88d1b960b509cd67a97ee9da378edea83d
SHA512

2ee51fc7dec68cd7dc8fe2e6d9e5046580db6e8a392f21d924dffd0e55ba5360003b5df93f5db2c79496f3819ea34dc66d839c3220ab90e4a13bf913ab9ce2f6
SSDEEP

768:z3OHS8KOzHittwZnfX1QpulrjoM9BC9uLbOJ28+xDD/IDaoJnEAL2WNN8naxkKnT:yHZD6twypuxP9vp8+pD2AxWN2afZVV1

Score

1^/10

Suspicious use of WriteProcessMemory 7 IoCs

description	pid	Process	procid_target
PID 832 wrote to memory of 1204	832	rundll32.exe	28
PID 832 wrote to memory of 1204	832	rundll32.exe	28
PID 832 wrote to memory of 1204	832	rundll32.exe	28
PID 832 wrote to memory of 1204	832	rundll32.exe	28
PID 832 wrote to memory of 1204	832	rundll32.exe	28
PID 832 wrote to memory of 1204	832	rundll32.exe	28
PID 832 wrote to memory of 1204	832	rundll32.exe	28

C:\Windows\system32\rundll32.exe
rundll32.exe C:\Users\Admin\AppData\Local\Temp\389df0cfdb005ab1beeb716c95919d88d1b960b509cd67a97ee9da378edea83d.dll,#1
1⤵
- Suspicious use of WriteProcessMemory
PID:832
- C:\Windows\SysWOW64\rundll32.exe
  rundll32.exe C:\Users\Admin\AppData\Local\Temp\389df0cfdb005ab1beeb716c95919d88d1b960b509cd67a97ee9da378edea83d.dll,#1
  2⤵
  PID:1204

memory/1204-54-0x0000000000000000-mapping.dmp

Download
memory/1204-55-0x0000000076BA1000-0x0000000076BA3000-memory.dmp

Filesize
8KB

Download