c74a10eb22c1291f91566105b2d1f3810f0115cc3cdd237a23914063973cbce4

Analysis

max time kernel
36s
max time network
32s
platform
windows7_x64
resource
win7-20221111-en
resource tags

arch:x64arch:x86image:win7-20221111-enlocale:en-usos:windows7-x64system
submitted
04/12/2022, 00:29

Target

c74a10eb22c1291f91566105b2d1f3810f0115cc3cdd237a23914063973cbce4.dll
Size

51KB
MD5

ed03f2b8d0138ad1f9e828c6ed286a7d
SHA1

f435036f36d076958c506a059197c21fadb3f6ed
SHA256

c74a10eb22c1291f91566105b2d1f3810f0115cc3cdd237a23914063973cbce4
SHA512

bf36402faa119a55b2b8b52e3812e168382cd311d47868de75f588b46d1d05f3feea910561cb5aaed322c0abefb1b16b286a34a14b640703c868dc4502ced81f
SSDEEP

768:IykIwePd8g7dHTRW3G/FFMs9ociyZGvCudEnDeJG8KG+swke29/:IykzkagNRW3cMs9oda6GKmP3U9

Score

1^/10

Suspicious use of WriteProcessMemory 7 IoCs

description	pid	Process	procid_target
PID 1456 wrote to memory of 1772	1456	rundll32.exe	28
PID 1456 wrote to memory of 1772	1456	rundll32.exe	28
PID 1456 wrote to memory of 1772	1456	rundll32.exe	28
PID 1456 wrote to memory of 1772	1456	rundll32.exe	28
PID 1456 wrote to memory of 1772	1456	rundll32.exe	28
PID 1456 wrote to memory of 1772	1456	rundll32.exe	28
PID 1456 wrote to memory of 1772	1456	rundll32.exe	28

C:\Windows\system32\rundll32.exe
rundll32.exe C:\Users\Admin\AppData\Local\Temp\c74a10eb22c1291f91566105b2d1f3810f0115cc3cdd237a23914063973cbce4.dll,#1
1⤵
- Suspicious use of WriteProcessMemory
PID:1456
- C:\Windows\SysWOW64\rundll32.exe
  rundll32.exe C:\Users\Admin\AppData\Local\Temp\c74a10eb22c1291f91566105b2d1f3810f0115cc3cdd237a23914063973cbce4.dll,#1
  2⤵
  PID:1772

memory/1772-55-0x00000000766F1000-0x00000000766F3000-memory.dmp

Filesize
8KB

Download
memory/1772-56-0x0000000010000000-0x000000001000F000-memory.dmp

Filesize
60KB

Download
memory/1772-57-0x0000000010000000-0x000000001000F000-memory.dmp

Filesize
60KB

Download
memory/1772-58-0x0000000010000000-0x000000001000F000-memory.dmp

Filesize
60KB

Download