1108f3944af668a51849524b6ddd22dc1eada40bc939d9f374d7a1911b7c5259

Analysis

max time kernel
41s
max time network
46s
platform
windows7_x64
resource
win7-20220812-en
resource tags

arch:x64arch:x86image:win7-20220812-enlocale:en-usos:windows7-x64system
submitted
04/12/2022, 07:05

Target

1108f3944af668a51849524b6ddd22dc1eada40bc939d9f374d7a1911b7c5259.dll
Size

111KB
MD5

9bcb3242cd09b1d60072c1f3079ac190
SHA1

e46a5288ae82829ddcfc404086c09d2923b0092f
SHA256

1108f3944af668a51849524b6ddd22dc1eada40bc939d9f374d7a1911b7c5259
SHA512

0e70ad6c71fc02557fc6ce8a95ed4499cfdec620b2633d688ce87b8c7b271cdca6a4b92c1a2249c8ccb2a596c7ae97f513ef4099ecc874d9068322f34f448e55
SSDEEP

3072:hZqucz+dKaZdt42qVJPtVp158/9zIZdKI1q:hg2Jzt45V3ry9zIZMI

Score

1^/10

Suspicious use of WriteProcessMemory 7 IoCs

description	pid	Process	procid_target
PID 1688 wrote to memory of 2000	1688	rundll32.exe	27
PID 1688 wrote to memory of 2000	1688	rundll32.exe	27
PID 1688 wrote to memory of 2000	1688	rundll32.exe	27
PID 1688 wrote to memory of 2000	1688	rundll32.exe	27
PID 1688 wrote to memory of 2000	1688	rundll32.exe	27
PID 1688 wrote to memory of 2000	1688	rundll32.exe	27
PID 1688 wrote to memory of 2000	1688	rundll32.exe	27

C:\Windows\system32\rundll32.exe
rundll32.exe C:\Users\Admin\AppData\Local\Temp\1108f3944af668a51849524b6ddd22dc1eada40bc939d9f374d7a1911b7c5259.dll,#1
1⤵
- Suspicious use of WriteProcessMemory
PID:1688
- C:\Windows\SysWOW64\rundll32.exe
  rundll32.exe C:\Users\Admin\AppData\Local\Temp\1108f3944af668a51849524b6ddd22dc1eada40bc939d9f374d7a1911b7c5259.dll,#1
  2⤵
  PID:2000

memory/2000-55-0x0000000075DF1000-0x0000000075DF3000-memory.dmp

Filesize
8KB

Download
memory/2000-56-0x0000000000140000-0x000000000014F000-memory.dmp

Filesize
60KB

Download
memory/2000-57-0x00000000001B0000-0x00000000001CF000-memory.dmp

Filesize
124KB

Download