bee2c2d1c40aea040ff87e7becc038d11cf585129801755b97032724631d421d

Analysis

max time kernel
25s
max time network
47s
platform
windows7_x64
resource
win7-20220812-en
resource tags

arch:x64arch:x86image:win7-20220812-enlocale:en-usos:windows7-x64system
submitted
03-12-2022 14:03

Target

bee2c2d1c40aea040ff87e7becc038d11cf585129801755b97032724631d421d.dll
Size

78KB
MD5

79e2f861fba9eeae54de93b70039a218
SHA1

5c087a9244df55ebc4e623bf2f4d8de5749c8722
SHA256

bee2c2d1c40aea040ff87e7becc038d11cf585129801755b97032724631d421d
SHA512

261def086f76d6c53f2eae0c57242643e760049eab964832be9f6bd14d3e9772cfbba4ac9bcd2328027d59d1d5c8e6479d2ee548ad2624b6dfd105455b5fa3f9
SSDEEP

1536:dXNW79RvOIpWiTYEx1hX2rXLHcrplhGvdocSq1EYKx1stFQTw:9NWZRv7WiTYu10bHcVlRq1ArstFZ

Score

1^/10

Suspicious use of WriteProcessMemory 7 IoCs

description	pid	Process	procid_target
PID 948 wrote to memory of 1928	948	rundll32.exe	28
PID 948 wrote to memory of 1928	948	rundll32.exe	28
PID 948 wrote to memory of 1928	948	rundll32.exe	28
PID 948 wrote to memory of 1928	948	rundll32.exe	28
PID 948 wrote to memory of 1928	948	rundll32.exe	28
PID 948 wrote to memory of 1928	948	rundll32.exe	28
PID 948 wrote to memory of 1928	948	rundll32.exe	28

C:\Windows\system32\rundll32.exe
rundll32.exe C:\Users\Admin\AppData\Local\Temp\bee2c2d1c40aea040ff87e7becc038d11cf585129801755b97032724631d421d.dll,#1
1⤵
- Suspicious use of WriteProcessMemory
PID:948
- C:\Windows\SysWOW64\rundll32.exe
  rundll32.exe C:\Users\Admin\AppData\Local\Temp\bee2c2d1c40aea040ff87e7becc038d11cf585129801755b97032724631d421d.dll,#1
  2⤵
  PID:1928

memory/1928-54-0x0000000000000000-mapping.dmp

Download
memory/1928-55-0x0000000075DA1000-0x0000000075DA3000-memory.dmp

Filesize
8KB

Download
memory/1928-56-0x0000000010000000-0x0000000010027000-memory.dmp

Filesize
156KB

Download
memory/1928-57-0x0000000010000000-0x0000000010027000-memory.dmp

Filesize
156KB

Download