65bc8c0a07c0eb0bb5b356f61b0492e2148b650b4e2ef650bc33ea0abe152227

Analysis

max time kernel
48s
max time network
46s
platform
windows7_x64
resource
win7-20220812-en
resource tags

arch:x64arch:x86image:win7-20220812-enlocale:en-usos:windows7-x64system
submitted
03-12-2022 23:01

Target

65bc8c0a07c0eb0bb5b356f61b0492e2148b650b4e2ef650bc33ea0abe152227.dll
Size

5KB
MD5

dc311c2c824e4a8ea5b438aa29313860
SHA1

06b1aa81e4e7a42db3d2246be98247c143c770f2
SHA256

65bc8c0a07c0eb0bb5b356f61b0492e2148b650b4e2ef650bc33ea0abe152227
SHA512

a3918c899e527f4a6ae7e705e151c165710e42932d5a2b309a2b97d2e3356636beec9636495f4f01655859cc46d734161b4f16207ba37d9570f2b58931e13f8c
SSDEEP

48:CCy86+Wet9Q/iooHeiefhe+/lSMYEqSLlqbs2LW7xd:hy859x0P8MaSs

Score

1^/10

Suspicious use of WriteProcessMemory 7 IoCs

description	pid	Process	procid_target
PID 804 wrote to memory of 1668	804	rundll32.exe	28
PID 804 wrote to memory of 1668	804	rundll32.exe	28
PID 804 wrote to memory of 1668	804	rundll32.exe	28
PID 804 wrote to memory of 1668	804	rundll32.exe	28
PID 804 wrote to memory of 1668	804	rundll32.exe	28
PID 804 wrote to memory of 1668	804	rundll32.exe	28
PID 804 wrote to memory of 1668	804	rundll32.exe	28

C:\Windows\system32\rundll32.exe
rundll32.exe C:\Users\Admin\AppData\Local\Temp\65bc8c0a07c0eb0bb5b356f61b0492e2148b650b4e2ef650bc33ea0abe152227.dll,#1
1⤵
- Suspicious use of WriteProcessMemory
PID:804
- C:\Windows\SysWOW64\rundll32.exe
  rundll32.exe C:\Users\Admin\AppData\Local\Temp\65bc8c0a07c0eb0bb5b356f61b0492e2148b650b4e2ef650bc33ea0abe152227.dll,#1
  2⤵
  PID:1668

memory/1668-54-0x0000000000000000-mapping.dmp

Download
memory/1668-55-0x0000000075931000-0x0000000075933000-memory.dmp

Filesize
8KB

Download