880953e6a42169d937386f95bd48939e8fbd3e3c238ab053de4dad86a4163d67

Analysis

max time kernel
40s
max time network
45s
platform
windows7_x64
resource
win7-20220812-en
resource tags

arch:x64arch:x86image:win7-20220812-enlocale:en-usos:windows7-x64system
submitted
03/12/2022, 09:13

Target

880953e6a42169d937386f95bd48939e8fbd3e3c238ab053de4dad86a4163d67.dll
Size

488KB
MD5

615b558c27ed2b4b44c340d06d17ffc6
SHA1

8ce34721ac71600cfb51ba42f4fcf4c8718a0584
SHA256

880953e6a42169d937386f95bd48939e8fbd3e3c238ab053de4dad86a4163d67
SHA512

b7b20edabd38a67c0400e61e1462ab1e5b394b0495fdf2384e353f452ea2dffd31f57d03ae7da296823e8d3dedd78ae08a2391cf11ed060f0528693763692b87
SSDEEP

12288:X8pB5ZD1PiVRzNHPxeTkSWE3FfiUZMo6gSNE2gPIkmhUFv:XeB1+9xeLWE3FfYo65E2NkmWFv

Score

1^/10

Suspicious behavior: EnumeratesProcesses 1 IoCs

pid	Process
684	rundll32.exe

Suspicious use of WriteProcessMemory 7 IoCs

description	pid	Process	procid_target
PID 1428 wrote to memory of 684	1428	rundll32.exe	27
PID 1428 wrote to memory of 684	1428	rundll32.exe	27
PID 1428 wrote to memory of 684	1428	rundll32.exe	27
PID 1428 wrote to memory of 684	1428	rundll32.exe	27
PID 1428 wrote to memory of 684	1428	rundll32.exe	27
PID 1428 wrote to memory of 684	1428	rundll32.exe	27
PID 1428 wrote to memory of 684	1428	rundll32.exe	27

C:\Windows\system32\rundll32.exe
rundll32.exe C:\Users\Admin\AppData\Local\Temp\880953e6a42169d937386f95bd48939e8fbd3e3c238ab053de4dad86a4163d67.dll,#1
1⤵
- Suspicious use of WriteProcessMemory
PID:1428
- C:\Windows\SysWOW64\rundll32.exe
  rundll32.exe C:\Users\Admin\AppData\Local\Temp\880953e6a42169d937386f95bd48939e8fbd3e3c238ab053de4dad86a4163d67.dll,#1
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:684

memory/684-55-0x0000000075071000-0x0000000075073000-memory.dmp

Filesize
8KB

Download
memory/684-56-0x0000000000870000-0x000000000098F000-memory.dmp

Filesize
1.1MB

Download
memory/684-57-0x0000000000870000-0x000000000098F000-memory.dmp

Filesize
1.1MB

Download
memory/684-58-0x0000000000870000-0x000000000098F000-memory.dmp

Filesize
1.1MB

Download
memory/684-59-0x0000000000870000-0x000000000098F000-memory.dmp

Filesize
1.1MB

Download