1474db99b886e3ebd9d5eaae21c91afac08927917b5c36cdd422fe41323718fb

Analysis

max time kernel
29s
max time network
45s
platform
windows7_x64
resource
win7-20220812-en
resource tags

arch:x64arch:x86image:win7-20220812-enlocale:en-usos:windows7-x64system
submitted
02-12-2022 19:57

Target

1474db99b886e3ebd9d5eaae21c91afac08927917b5c36cdd422fe41323718fb.dll
Size

63KB
MD5

6ad1b7981653db8c6492c5f69d40d9b0
SHA1

410c4d5d896225c26d4f68b8208aa61a65753fd5
SHA256

1474db99b886e3ebd9d5eaae21c91afac08927917b5c36cdd422fe41323718fb
SHA512

be26509d13ca4c06942883780948c5f6634d7973d77f9ae26b257b74048f30d69a88b0473b9ac11f6530072240b9fee1b1bd4d9a7c1d60a32e4ac6e521a604bb
SSDEEP

768:op1VqVQwL6diO9DnPHjGt1rw/iG/aBuqO6LBoaZ2SgUTgfeHVEJ/AsPAqGcEW2De:ob8Vwn/GE/iG/dq7BMSgUTcuO3RGrR2D

Score

1^/10

Suspicious use of WriteProcessMemory 7 IoCs

description	pid	Process	procid_target
PID 1164 wrote to memory of 1048	1164	rundll32.exe	27
PID 1164 wrote to memory of 1048	1164	rundll32.exe	27
PID 1164 wrote to memory of 1048	1164	rundll32.exe	27
PID 1164 wrote to memory of 1048	1164	rundll32.exe	27
PID 1164 wrote to memory of 1048	1164	rundll32.exe	27
PID 1164 wrote to memory of 1048	1164	rundll32.exe	27
PID 1164 wrote to memory of 1048	1164	rundll32.exe	27

C:\Windows\system32\rundll32.exe
rundll32.exe C:\Users\Admin\AppData\Local\Temp\1474db99b886e3ebd9d5eaae21c91afac08927917b5c36cdd422fe41323718fb.dll,#1
1⤵
- Suspicious use of WriteProcessMemory
PID:1164
- C:\Windows\SysWOW64\rundll32.exe
  rundll32.exe C:\Users\Admin\AppData\Local\Temp\1474db99b886e3ebd9d5eaae21c91afac08927917b5c36cdd422fe41323718fb.dll,#1
  2⤵
  PID:1048

memory/1048-54-0x0000000000000000-mapping.dmp

Download
memory/1048-55-0x0000000075C61000-0x0000000075C63000-memory.dmp

Filesize
8KB

Download