b03bfa7dab68c3dd4c5368a6c4b7e37e770b22590106a2fe357b0920fa3ad5c2

Analysis

max time kernel
58s
max time network
33s
platform
windows7_x64
resource
win7-20221111-en
resource tags

arch:x64arch:x86image:win7-20221111-enlocale:en-usos:windows7-x64system
submitted
04-12-2022 01:27

Target

b03bfa7dab68c3dd4c5368a6c4b7e37e770b22590106a2fe357b0920fa3ad5c2.dll
Size

134KB
MD5

7fb7c075006d7b51311595f19f54849f
SHA1

c505209095520a3d3d8f6419b5d253f4175f2980
SHA256

b03bfa7dab68c3dd4c5368a6c4b7e37e770b22590106a2fe357b0920fa3ad5c2
SHA512

1cd0a523da6083aad91792248e4d52b0e92540869a19bdd13890e9d276facff616ec404307450e659310686ff07f8cdca2f8352e011bf0dceb26ae10b19c49b4
SSDEEP

3072:CNyxvfGXqJsQKDZNc6nuPKc+hAed7Ygo:CNQfPw8+hAi

Score

1^/10

Suspicious use of WriteProcessMemory 7 IoCs

description	pid	Process	procid_target
PID 1976 wrote to memory of 1312	1976	rundll32.exe	28
PID 1976 wrote to memory of 1312	1976	rundll32.exe	28
PID 1976 wrote to memory of 1312	1976	rundll32.exe	28
PID 1976 wrote to memory of 1312	1976	rundll32.exe	28
PID 1976 wrote to memory of 1312	1976	rundll32.exe	28
PID 1976 wrote to memory of 1312	1976	rundll32.exe	28
PID 1976 wrote to memory of 1312	1976	rundll32.exe	28

C:\Windows\system32\rundll32.exe
rundll32.exe C:\Users\Admin\AppData\Local\Temp\b03bfa7dab68c3dd4c5368a6c4b7e37e770b22590106a2fe357b0920fa3ad5c2.dll,#1
1⤵
- Suspicious use of WriteProcessMemory
PID:1976
- C:\Windows\SysWOW64\rundll32.exe
  rundll32.exe C:\Users\Admin\AppData\Local\Temp\b03bfa7dab68c3dd4c5368a6c4b7e37e770b22590106a2fe357b0920fa3ad5c2.dll,#1
  2⤵
  PID:1312

memory/1312-54-0x0000000000000000-mapping.dmp

Download
memory/1312-55-0x0000000075761000-0x0000000075763000-memory.dmp

Filesize
8KB

Download
memory/1312-56-0x0000000010000000-0x0000000010023000-memory.dmp

Filesize
140KB

Download