b63b11bc8f59ce7e929e82e42e66236385c9540a2a951553e95d7bee1d61dd9a

Analysis

max time kernel
43s
max time network
48s
platform
windows7_x64
resource
win7-20220901-en
resource tags

arch:x64arch:x86image:win7-20220901-enlocale:en-usos:windows7-x64system
submitted
03-12-2022 23:39

Target

b63b11bc8f59ce7e929e82e42e66236385c9540a2a951553e95d7bee1d61dd9a.dll
Size

139KB
MD5

902b8946075f9d4802c2b8ef37e8f5fd
SHA1

8979b1fd0384d4843b4094a5ddac0b83ca231b5b
SHA256

b63b11bc8f59ce7e929e82e42e66236385c9540a2a951553e95d7bee1d61dd9a
SHA512

0e2e7fc23a49b33fe18f8a140b6ca3111503d6f518ec5912f5cc8fe5d60dd3c82522f77557a71ac0be6c85def85e4f10dfabca9e33aec7c2ca7e9b0300c7db6e
SSDEEP

1536:GVqfVwBHU+cX+OoAbxthnPwhyUWXECuRb+WxKZzvtgCuVuTcNkRQ4lvA0LYSimsq:y00H/4tHQvYSRAf8Hnm/Rl

Score

1^/10

Suspicious use of WriteProcessMemory 7 IoCs

description	pid	Process	procid_target
PID 1712 wrote to memory of 1160	1712	rundll32.exe	27
PID 1712 wrote to memory of 1160	1712	rundll32.exe	27
PID 1712 wrote to memory of 1160	1712	rundll32.exe	27
PID 1712 wrote to memory of 1160	1712	rundll32.exe	27
PID 1712 wrote to memory of 1160	1712	rundll32.exe	27
PID 1712 wrote to memory of 1160	1712	rundll32.exe	27
PID 1712 wrote to memory of 1160	1712	rundll32.exe	27

C:\Windows\system32\rundll32.exe
rundll32.exe C:\Users\Admin\AppData\Local\Temp\b63b11bc8f59ce7e929e82e42e66236385c9540a2a951553e95d7bee1d61dd9a.dll,#1
1⤵
- Suspicious use of WriteProcessMemory
PID:1712
- C:\Windows\SysWOW64\rundll32.exe
  rundll32.exe C:\Users\Admin\AppData\Local\Temp\b63b11bc8f59ce7e929e82e42e66236385c9540a2a951553e95d7bee1d61dd9a.dll,#1
  2⤵
  PID:1160

memory/1160-54-0x0000000000000000-mapping.dmp

Download
memory/1160-55-0x00000000765B1000-0x00000000765B3000-memory.dmp

Filesize
8KB

Download
memory/1160-56-0x0000000010000000-0x0000000010028000-memory.dmp

Filesize
160KB

Download