d8c601acaf3e687449eeb022fd30aee7b667ff2809c9aefc897e2f4a25c39fb5

Analysis

max time kernel
36s
max time network
41s
platform
windows7_x64
resource
win7-20220812-en
resource tags

arch:x64arch:x86image:win7-20220812-enlocale:en-usos:windows7-x64system
submitted
03-12-2022 03:21

Target

d8c601acaf3e687449eeb022fd30aee7b667ff2809c9aefc897e2f4a25c39fb5.dll
Size

55KB
MD5

6760568aa3a2467ff963e3e5a8afaf13
SHA1

2d2beb549bc6c9d3e3885dc43e336521364b7c7a
SHA256

d8c601acaf3e687449eeb022fd30aee7b667ff2809c9aefc897e2f4a25c39fb5
SHA512

61cec1c1f361860598609f9432c74086db8922cfb38fd1df98930e373c1bc1f93932af692155bb509f1a4be0b4eea35aa2b795376d8175788822f0e2b88b6262
SSDEEP

1536:IykzkagGtjSlxIEpGIA+iFfUl12ExNekgn:IFzkaPtjwUIA+/f2CQH

Score

1^/10

Suspicious use of WriteProcessMemory 7 IoCs

description	pid	Process	procid_target
PID 1672 wrote to memory of 1644	1672	rundll32.exe	27
PID 1672 wrote to memory of 1644	1672	rundll32.exe	27
PID 1672 wrote to memory of 1644	1672	rundll32.exe	27
PID 1672 wrote to memory of 1644	1672	rundll32.exe	27
PID 1672 wrote to memory of 1644	1672	rundll32.exe	27
PID 1672 wrote to memory of 1644	1672	rundll32.exe	27
PID 1672 wrote to memory of 1644	1672	rundll32.exe	27

C:\Windows\system32\rundll32.exe
rundll32.exe C:\Users\Admin\AppData\Local\Temp\d8c601acaf3e687449eeb022fd30aee7b667ff2809c9aefc897e2f4a25c39fb5.dll,#1
1⤵
- Suspicious use of WriteProcessMemory
PID:1672
- C:\Windows\SysWOW64\rundll32.exe
  rundll32.exe C:\Users\Admin\AppData\Local\Temp\d8c601acaf3e687449eeb022fd30aee7b667ff2809c9aefc897e2f4a25c39fb5.dll,#1
  2⤵
  PID:1644

memory/1644-54-0x0000000000000000-mapping.dmp

Download
memory/1644-55-0x0000000075BD1000-0x0000000075BD3000-memory.dmp

Filesize
8KB

Download
memory/1644-56-0x0000000010000000-0x000000001000F000-memory.dmp

Filesize
60KB

Download
memory/1644-57-0x0000000010000000-0x000000001000F000-memory.dmp

Filesize
60KB

Download