bd12ab6ca5485de129664a2a2af7193f98525e7eab35b4e23d0a3c82a4c5bea9

Analysis

max time kernel
45s
max time network
49s
platform
windows7_x64
resource
win7-20220901-en
resource tags

arch:x64arch:x86image:win7-20220901-enlocale:en-usos:windows7-x64system
submitted
03-12-2022 18:21

Target

bd12ab6ca5485de129664a2a2af7193f98525e7eab35b4e23d0a3c82a4c5bea9.dll
Size

48KB
MD5

22fda62b6ec4809f9537f54883f51812
SHA1

58c5272f9aa01d8c6e119fe70d6064affebf6a8b
SHA256

bd12ab6ca5485de129664a2a2af7193f98525e7eab35b4e23d0a3c82a4c5bea9
SHA512

83e5ba8b671cc0bc1834e13baae105afd60e679f57da577226fa2f66939590e0ca2f27982ec597f79b0888efaf49a120fd675da10773c0463cbd6e4e9a5ae4db
SSDEEP

768:AWt01kvd3EK+XuNY5yas6hrBygBtFn5B9FNERvsDPf08EMY6wQOZq0FuZ8:/Qkh1++GK6hsgn5B9b9P8MYrQOZq+u6

Score

1^/10

Suspicious use of WriteProcessMemory 7 IoCs

description	pid	Process	procid_target
PID 1368 wrote to memory of 1700	1368	rundll32.exe	27
PID 1368 wrote to memory of 1700	1368	rundll32.exe	27
PID 1368 wrote to memory of 1700	1368	rundll32.exe	27
PID 1368 wrote to memory of 1700	1368	rundll32.exe	27
PID 1368 wrote to memory of 1700	1368	rundll32.exe	27
PID 1368 wrote to memory of 1700	1368	rundll32.exe	27
PID 1368 wrote to memory of 1700	1368	rundll32.exe	27

C:\Windows\system32\rundll32.exe
rundll32.exe C:\Users\Admin\AppData\Local\Temp\bd12ab6ca5485de129664a2a2af7193f98525e7eab35b4e23d0a3c82a4c5bea9.dll,#1
1⤵
- Suspicious use of WriteProcessMemory
PID:1368
- C:\Windows\SysWOW64\rundll32.exe
  rundll32.exe C:\Users\Admin\AppData\Local\Temp\bd12ab6ca5485de129664a2a2af7193f98525e7eab35b4e23d0a3c82a4c5bea9.dll,#1
  2⤵
  PID:1700

memory/1700-55-0x0000000074E41000-0x0000000074E43000-memory.dmp

Filesize
8KB

Download
memory/1700-56-0x0000000010000000-0x0000000010021000-memory.dmp

Filesize
132KB

Download
memory/1700-57-0x0000000010000000-0x0000000010021000-memory.dmp

Filesize
132KB

Download