3f46af739d10218b6164691a01e880f8dd6fdba210a6593f057e867990f73584

Analysis

max time kernel
39s
max time network
45s
platform
windows7_x64
resource
win7-20220812-en
resource tags

arch:x64arch:x86image:win7-20220812-enlocale:en-usos:windows7-x64system
submitted
03-12-2022 03:37

Target

3f46af739d10218b6164691a01e880f8dd6fdba210a6593f057e867990f73584.dll
Size

99KB
MD5

8039166f56d43b95a10cc3cdaa18f030
SHA1

5b77c2d23e738daac5448740589fe36cc65f98e9
SHA256

3f46af739d10218b6164691a01e880f8dd6fdba210a6593f057e867990f73584
SHA512

29594b14e4e889a8d53a94642070cea63bff4a19b9dc2e757f9941de72ae3d82c3ccf68a04cb3fd58cf9664501ab4dc8a2d9160e184d15799af9e8b1c8a3250f
SSDEEP

1536:XrEzMwFTZ/2AINge4/wRdPezW/4EezdZhUtFQCv0Y0y3r3SUW:AzPF9//e4wRgW/4PZZhUAC8y3bs

Score

1^/10

Suspicious use of WriteProcessMemory 7 IoCs

description	pid	Process	procid_target
PID 1248 wrote to memory of 1120	1248	rundll32.exe	26
PID 1248 wrote to memory of 1120	1248	rundll32.exe	26
PID 1248 wrote to memory of 1120	1248	rundll32.exe	26
PID 1248 wrote to memory of 1120	1248	rundll32.exe	26
PID 1248 wrote to memory of 1120	1248	rundll32.exe	26
PID 1248 wrote to memory of 1120	1248	rundll32.exe	26
PID 1248 wrote to memory of 1120	1248	rundll32.exe	26

C:\Windows\system32\rundll32.exe
rundll32.exe C:\Users\Admin\AppData\Local\Temp\3f46af739d10218b6164691a01e880f8dd6fdba210a6593f057e867990f73584.dll,#1
1⤵
- Suspicious use of WriteProcessMemory
PID:1248
- C:\Windows\SysWOW64\rundll32.exe
  rundll32.exe C:\Users\Admin\AppData\Local\Temp\3f46af739d10218b6164691a01e880f8dd6fdba210a6593f057e867990f73584.dll,#1
  2⤵
  PID:1120

memory/1120-54-0x0000000000000000-mapping.dmp

Download
memory/1120-55-0x0000000075351000-0x0000000075353000-memory.dmp

Filesize
8KB

Download