fd431fd7767bc2d39f559d23045b34706b5b52b36001138393a6c54deae09d52

Analysis

max time kernel
25s
max time network
47s
platform
windows7_x64
resource
win7-20220812-en
resource tags

arch:x64arch:x86image:win7-20220812-enlocale:en-usos:windows7-x64system
submitted
03-12-2022 02:28

Target

fd431fd7767bc2d39f559d23045b34706b5b52b36001138393a6c54deae09d52.dll
Size

33KB
MD5

a08cbae6ca19487d75a02a595e3291ce
SHA1

2c464d0866544c6de0e86fb83599a7db67e51686
SHA256

fd431fd7767bc2d39f559d23045b34706b5b52b36001138393a6c54deae09d52
SHA512

b9377ff7f1b486280ea633a7c2d1b456e97ab3b893e824d5e8f3f4bc931bafc3946214f834c38fe1c810423fbaf3f49bac8f7130cf73ae60c6361f08a4db7733
SSDEEP

768:DSn1bTS2JZHNZCyxpzm7N6X7Lfdhh5hcD/4s+pR3zS2TkET:DSn1bTSypSu7LFhzC8s+pRjIY

Score

1^/10

Suspicious use of WriteProcessMemory 7 IoCs

description	pid	Process	procid_target
PID 1992 wrote to memory of 788	1992	rundll32.exe	28
PID 1992 wrote to memory of 788	1992	rundll32.exe	28
PID 1992 wrote to memory of 788	1992	rundll32.exe	28
PID 1992 wrote to memory of 788	1992	rundll32.exe	28
PID 1992 wrote to memory of 788	1992	rundll32.exe	28
PID 1992 wrote to memory of 788	1992	rundll32.exe	28
PID 1992 wrote to memory of 788	1992	rundll32.exe	28

C:\Windows\system32\rundll32.exe
rundll32.exe C:\Users\Admin\AppData\Local\Temp\fd431fd7767bc2d39f559d23045b34706b5b52b36001138393a6c54deae09d52.dll,#1
1⤵
- Suspicious use of WriteProcessMemory
PID:1992
- C:\Windows\SysWOW64\rundll32.exe
  rundll32.exe C:\Users\Admin\AppData\Local\Temp\fd431fd7767bc2d39f559d23045b34706b5b52b36001138393a6c54deae09d52.dll,#1
  2⤵
  PID:788

memory/788-54-0x0000000000000000-mapping.dmp

Download
memory/788-55-0x0000000074F01000-0x0000000074F03000-memory.dmp

Filesize
8KB

Download