d7931f55101c9d0c8b69af817be1f62178ff889103749d9d6f40a4e6180f8d70

Analysis

max time kernel
44s
max time network
49s
platform
windows7_x64
resource
win7-20220901-en
resource tags

arch:x64arch:x86image:win7-20220901-enlocale:en-usos:windows7-x64system
submitted
03-12-2022 22:43

Target

d7931f55101c9d0c8b69af817be1f62178ff889103749d9d6f40a4e6180f8d70.dll
Size

20KB
MD5

85914192f39a1b1c8c1173f3a127737e
SHA1

d6fc37e51a4e41b1d61cf15a250c2b6e49fab951
SHA256

d7931f55101c9d0c8b69af817be1f62178ff889103749d9d6f40a4e6180f8d70
SHA512

1ef511e2c93005aa6e22c002a3818650f656ab2497a2e417ddde7f9f346d5d69b262bca0ac6a4a3e466ab29c606ec815e70929b056b46f32c8a35bb677ef1d8c
SSDEEP

24:e1GSoSPXVE0VvyPryvuH//dGel9vV2RLtbU4iUCFoBgqPApx4ZDo/j:SrPlJVKuvy/lftmtiU/BBPADB7

Score

7^/10

Deletes itself 1 IoCs

pid	Process
1748	rundll32.exe

Suspicious use of WriteProcessMemory 7 IoCs

description	pid	Process	procid_target
PID 1484 wrote to memory of 1748	1484	rundll32.exe	27
PID 1484 wrote to memory of 1748	1484	rundll32.exe	27
PID 1484 wrote to memory of 1748	1484	rundll32.exe	27
PID 1484 wrote to memory of 1748	1484	rundll32.exe	27
PID 1484 wrote to memory of 1748	1484	rundll32.exe	27
PID 1484 wrote to memory of 1748	1484	rundll32.exe	27
PID 1484 wrote to memory of 1748	1484	rundll32.exe	27

C:\Windows\system32\rundll32.exe
rundll32.exe C:\Users\Admin\AppData\Local\Temp\d7931f55101c9d0c8b69af817be1f62178ff889103749d9d6f40a4e6180f8d70.dll,#1
1⤵
- Suspicious use of WriteProcessMemory
PID:1484
- C:\Windows\SysWOW64\rundll32.exe
  rundll32.exe C:\Users\Admin\AppData\Local\Temp\d7931f55101c9d0c8b69af817be1f62178ff889103749d9d6f40a4e6180f8d70.dll,#1
  2⤵
  - Deletes itself
  PID:1748

memory/1748-54-0x0000000000000000-mapping.dmp

Download
memory/1748-55-0x0000000076BA1000-0x0000000076BA3000-memory.dmp

Filesize
8KB

Download