648b9d76d795efd08f036b888fcf84a57ccd80d008dbed27bc5f5d93ebb70cb2

Analysis

max time kernel
2s
max time network
34s
platform
windows7_x64
resource
win7-20221111-en
resource tags

arch:x64arch:x86image:win7-20221111-enlocale:en-usos:windows7-x64system
submitted
02-12-2022 19:59

Target

648b9d76d795efd08f036b888fcf84a57ccd80d008dbed27bc5f5d93ebb70cb2.dll
Size

65KB
MD5

f69069c1a0c6db6665557d7a1aeeb9b0
SHA1

b24350ed337946b646e3a5a0316e940b1bf84702
SHA256

648b9d76d795efd08f036b888fcf84a57ccd80d008dbed27bc5f5d93ebb70cb2
SHA512

b4213807a680246bd58aeea5ca37661fb3017191e12bc815a0b6de006aef8a5be89eebf8ab248a2b0b6cf99df6b91feb59e4dcf18c78d9813817e5ba36cf4a6f
SSDEEP

1536:1zExMwCGQ2j0xY8155tvfUEAXX7QEIE0g:1I+wCGvYYknJfjAXllB

Score

1^/10

Suspicious use of WriteProcessMemory 7 IoCs

description	pid	Process	procid_target
PID 1368 wrote to memory of 944	1368	rundll32.exe	28
PID 1368 wrote to memory of 944	1368	rundll32.exe	28
PID 1368 wrote to memory of 944	1368	rundll32.exe	28
PID 1368 wrote to memory of 944	1368	rundll32.exe	28
PID 1368 wrote to memory of 944	1368	rundll32.exe	28
PID 1368 wrote to memory of 944	1368	rundll32.exe	28
PID 1368 wrote to memory of 944	1368	rundll32.exe	28

C:\Windows\system32\rundll32.exe
rundll32.exe C:\Users\Admin\AppData\Local\Temp\648b9d76d795efd08f036b888fcf84a57ccd80d008dbed27bc5f5d93ebb70cb2.dll,#1
1⤵
- Suspicious use of WriteProcessMemory
PID:1368
- C:\Windows\SysWOW64\rundll32.exe
  rundll32.exe C:\Users\Admin\AppData\Local\Temp\648b9d76d795efd08f036b888fcf84a57ccd80d008dbed27bc5f5d93ebb70cb2.dll,#1
  2⤵
  PID:944

memory/944-54-0x0000000000000000-mapping.dmp

Download
memory/944-55-0x0000000075931000-0x0000000075933000-memory.dmp

Filesize
8KB

Download