76f524fdc4063cb1dd73605d9a3b158d8b97feab784d1c092ad7c2ab05ccf412

Analysis

max time kernel
48s
max time network
52s
platform
windows7_x64
resource
win7-20220901-en
resource tags

arch:x64arch:x86image:win7-20220901-enlocale:en-usos:windows7-x64system
submitted
03/12/2022, 03:06 UTC

Target

76f524fdc4063cb1dd73605d9a3b158d8b97feab784d1c092ad7c2ab05ccf412.dll
Size

56KB
MD5

889b414dda22c31ca0dc671fbbee7134
SHA1

b033e3e4600482b763e93c58a9cd189ed97b2114
SHA256

76f524fdc4063cb1dd73605d9a3b158d8b97feab784d1c092ad7c2ab05ccf412
SHA512

8897cad322f9cd1a5e457716c52f52efa66189cc7389ab2054303beeb8da09a1885a1d9b01d6eeb0f95307d5366fc164c67edd21217f1da6177d453af90ae548
SSDEEP

1536:uwoq+LsVXPTteJSWWRnGYNYnu3UCoZruSaaM6:hN+oVXvWqGk3UCGuQt

Score

1^/10

Suspicious use of WriteProcessMemory 7 IoCs

description	pid	Process	procid_target
PID 1552 wrote to memory of 1612	1552	rundll32.exe	26
PID 1552 wrote to memory of 1612	1552	rundll32.exe	26
PID 1552 wrote to memory of 1612	1552	rundll32.exe	26
PID 1552 wrote to memory of 1612	1552	rundll32.exe	26
PID 1552 wrote to memory of 1612	1552	rundll32.exe	26
PID 1552 wrote to memory of 1612	1552	rundll32.exe	26
PID 1552 wrote to memory of 1612	1552	rundll32.exe	26

C:\Windows\system32\rundll32.exe
rundll32.exe C:\Users\Admin\AppData\Local\Temp\76f524fdc4063cb1dd73605d9a3b158d8b97feab784d1c092ad7c2ab05ccf412.dll,#1
1⤵
- Suspicious use of WriteProcessMemory
PID:1552
- C:\Windows\SysWOW64\rundll32.exe
  rundll32.exe C:\Users\Admin\AppData\Local\Temp\76f524fdc4063cb1dd73605d9a3b158d8b97feab784d1c092ad7c2ab05ccf412.dll,#1
  2⤵
  PID:1612

memory/1612-55-0x0000000075681000-0x0000000075683000-memory.dmp

Filesize
8KB

Download
memory/1612-56-0x0000000010000000-0x000000001000E000-memory.dmp

Filesize
56KB

Download
memory/1612-57-0x0000000010000000-0x000000001000E000-memory.dmp

Filesize
56KB

Download