86bd5eb12d72153996e8e0de2b24207936bec830a149c12e9bcfdbe171033518

Analysis

max time kernel
10s
max time network
31s
platform
windows7_x64
resource
win7-20221111-en
resource tags

arch:x64arch:x86image:win7-20221111-enlocale:en-usos:windows7-x64system
submitted
03-12-2022 09:34

Target

86bd5eb12d72153996e8e0de2b24207936bec830a149c12e9bcfdbe171033518.dll
Size

64KB
MD5

d9b87df23f9a6c8a541d206fcbbef236
SHA1

40cb1edf2d77a1da9e1dc1785c6da98226fe2717
SHA256

86bd5eb12d72153996e8e0de2b24207936bec830a149c12e9bcfdbe171033518
SHA512

245c75e458455d5dbf8865212770de99aad25fb9a4077d53823c4f8db80375041cf8a23a7ba16d020b0296a1f0c70e364443c2a40f16acda1e06a77be916f3cb
SSDEEP

1536:Xapo2Aqj9jFHhuoqyxMeqv4JfYfkLqNxF7:XYjplAyMeMJfGqNb

Score

1^/10

Suspicious use of WriteProcessMemory 7 IoCs

description	pid	Process	procid_target
PID 1156 wrote to memory of 1360	1156	rundll32.exe	28
PID 1156 wrote to memory of 1360	1156	rundll32.exe	28
PID 1156 wrote to memory of 1360	1156	rundll32.exe	28
PID 1156 wrote to memory of 1360	1156	rundll32.exe	28
PID 1156 wrote to memory of 1360	1156	rundll32.exe	28
PID 1156 wrote to memory of 1360	1156	rundll32.exe	28
PID 1156 wrote to memory of 1360	1156	rundll32.exe	28

C:\Windows\system32\rundll32.exe
rundll32.exe C:\Users\Admin\AppData\Local\Temp\86bd5eb12d72153996e8e0de2b24207936bec830a149c12e9bcfdbe171033518.dll,#1
1⤵
- Suspicious use of WriteProcessMemory
PID:1156
- C:\Windows\SysWOW64\rundll32.exe
  rundll32.exe C:\Users\Admin\AppData\Local\Temp\86bd5eb12d72153996e8e0de2b24207936bec830a149c12e9bcfdbe171033518.dll,#1
  2⤵
  PID:1360

memory/1360-54-0x0000000000000000-mapping.dmp

Download
memory/1360-55-0x0000000075091000-0x0000000075093000-memory.dmp

Filesize
8KB

Download