de63e22abef4b7234311be5c8c4d49050f4d5a86af3a2c1604a2700d711cfc44

Analysis

max time kernel
44s
max time network
49s
platform
windows7_x64
resource
win7-20220812-en
resource tags

arch:x64arch:x86image:win7-20220812-enlocale:en-usos:windows7-x64system
submitted
03-12-2022 03:12

Target

de63e22abef4b7234311be5c8c4d49050f4d5a86af3a2c1604a2700d711cfc44.dll
Size

56KB
MD5

fda9c9f452211563407ce6ba50913795
SHA1

8c33dc448aeeaf7377a20a0234386026b26d86a1
SHA256

de63e22abef4b7234311be5c8c4d49050f4d5a86af3a2c1604a2700d711cfc44
SHA512

7e65df5dbe2e23fbd1a1f0e3ee592367ed65c24ed27c5298538ef39d40b0d5855258fb29d308ed55c5c985ca0aa5baf6b03b8dcffc0c0825455a545479408431
SSDEEP

768:Gx4m7JNSll3dTG+YBh4KHgs8i23FDrGZgEgfo4h/ThC1Qp7SxdwltPMK+7IRkE6Y:Bm1NGJVGxTAs89doiVew8dwnyAkE6Y

Score

1^/10

Suspicious use of WriteProcessMemory 7 IoCs

description	pid	Process	procid_target
PID 2020 wrote to memory of 1968	2020	rundll32.exe	28
PID 2020 wrote to memory of 1968	2020	rundll32.exe	28
PID 2020 wrote to memory of 1968	2020	rundll32.exe	28
PID 2020 wrote to memory of 1968	2020	rundll32.exe	28
PID 2020 wrote to memory of 1968	2020	rundll32.exe	28
PID 2020 wrote to memory of 1968	2020	rundll32.exe	28
PID 2020 wrote to memory of 1968	2020	rundll32.exe	28

C:\Windows\system32\rundll32.exe
rundll32.exe C:\Users\Admin\AppData\Local\Temp\de63e22abef4b7234311be5c8c4d49050f4d5a86af3a2c1604a2700d711cfc44.dll,#1
1⤵
- Suspicious use of WriteProcessMemory
PID:2020
- C:\Windows\SysWOW64\rundll32.exe
  rundll32.exe C:\Users\Admin\AppData\Local\Temp\de63e22abef4b7234311be5c8c4d49050f4d5a86af3a2c1604a2700d711cfc44.dll,#1
  2⤵
  PID:1968

memory/1968-54-0x0000000000000000-mapping.dmp

Download
memory/1968-55-0x00000000756B1000-0x00000000756B3000-memory.dmp

Filesize
8KB

Download