90bf3ea4bcd50b12f33bc2331ab6ebe2da728d8c09f8ced82d6bb4ae36b29361

Analysis

max time kernel
24s
max time network
29s
platform
windows7_x64
resource
win7-20221111-en
resource tags

arch:x64arch:x86image:win7-20221111-enlocale:en-usos:windows7-x64system
submitted
02/12/2022, 19:26

Target

90bf3ea4bcd50b12f33bc2331ab6ebe2da728d8c09f8ced82d6bb4ae36b29361.dll
Size

66KB
MD5

be14c73288d51570a963237d0ec84906
SHA1

2788f02126aadf4249abb4e221510aceeb1e8678
SHA256

90bf3ea4bcd50b12f33bc2331ab6ebe2da728d8c09f8ced82d6bb4ae36b29361
SHA512

d1023a1991247488a4598e5f32a29c103c67d8e83e8a3cd6defcd7688bb168117ede02cae8ab4b441711e19376b623e519f40a30ed5aeac65d2f56d421313953
SSDEEP

1536:Iykzkagyg+xVv/0qzBUn1+E61/SZaJYzGCE1NOBhUSejmW0:IFzkaTxtFU1+/1/SZaJYzGJfKUn0

Score

1^/10

Suspicious use of WriteProcessMemory 7 IoCs

description	pid	Process	procid_target
PID 1772 wrote to memory of 1224	1772	rundll32.exe	28
PID 1772 wrote to memory of 1224	1772	rundll32.exe	28
PID 1772 wrote to memory of 1224	1772	rundll32.exe	28
PID 1772 wrote to memory of 1224	1772	rundll32.exe	28
PID 1772 wrote to memory of 1224	1772	rundll32.exe	28
PID 1772 wrote to memory of 1224	1772	rundll32.exe	28
PID 1772 wrote to memory of 1224	1772	rundll32.exe	28

C:\Windows\system32\rundll32.exe
rundll32.exe C:\Users\Admin\AppData\Local\Temp\90bf3ea4bcd50b12f33bc2331ab6ebe2da728d8c09f8ced82d6bb4ae36b29361.dll,#1
1⤵
- Suspicious use of WriteProcessMemory
PID:1772
- C:\Windows\SysWOW64\rundll32.exe
  rundll32.exe C:\Users\Admin\AppData\Local\Temp\90bf3ea4bcd50b12f33bc2331ab6ebe2da728d8c09f8ced82d6bb4ae36b29361.dll,#1
  2⤵
  PID:1224

memory/1224-55-0x0000000075291000-0x0000000075293000-memory.dmp

Filesize
8KB

Download
memory/1224-56-0x0000000010000000-0x000000001000F000-memory.dmp

Filesize
60KB

Download
memory/1224-57-0x0000000010000000-0x000000001000F000-memory.dmp

Filesize
60KB

Download