b1ed5562abcc7b066165c5696c9df6f1c3fc1bcb84be1f0a0f43afe14e55d9ec

Analysis

max time kernel
43s
max time network
31s
platform
windows7_x64
resource
win7-20221111-en
resource tags

arch:x64arch:x86image:win7-20221111-enlocale:en-usos:windows7-x64system
submitted
04/12/2022, 07:41

Target

b1ed5562abcc7b066165c5696c9df6f1c3fc1bcb84be1f0a0f43afe14e55d9ec.dll
Size

356KB
MD5

c6f14b9bbc8eaf901080d768f3060bbd
SHA1

69f1f2b7b7a7545b5beefbcd16151fc69d61a725
SHA256

b1ed5562abcc7b066165c5696c9df6f1c3fc1bcb84be1f0a0f43afe14e55d9ec
SHA512

b1b1811d3a4eb910d813460ce02b02489f906f858bfd352bcc08769f12a814a6e1bb97f040c9d56662fdcafa958c385517f81a30ee966cac3fd7ee75532897b8
SSDEEP

6144:b+80uVfvLnWTwOVcYUzG5g/fK5rT8LPv+cYC1xWcjAOT5HWc1ASeT/WxCoQdYx14:b5VgV2PnbjAOT52OOWxOdM

Score

1^/10

Suspicious use of WriteProcessMemory 7 IoCs

description	pid	Process	procid_target
PID 1140 wrote to memory of 296	1140	rundll32.exe	28
PID 1140 wrote to memory of 296	1140	rundll32.exe	28
PID 1140 wrote to memory of 296	1140	rundll32.exe	28
PID 1140 wrote to memory of 296	1140	rundll32.exe	28
PID 1140 wrote to memory of 296	1140	rundll32.exe	28
PID 1140 wrote to memory of 296	1140	rundll32.exe	28
PID 1140 wrote to memory of 296	1140	rundll32.exe	28

C:\Windows\system32\rundll32.exe
rundll32.exe C:\Users\Admin\AppData\Local\Temp\b1ed5562abcc7b066165c5696c9df6f1c3fc1bcb84be1f0a0f43afe14e55d9ec.dll,#1
1⤵
- Suspicious use of WriteProcessMemory
PID:1140
- C:\Windows\SysWOW64\rundll32.exe
  rundll32.exe C:\Users\Admin\AppData\Local\Temp\b1ed5562abcc7b066165c5696c9df6f1c3fc1bcb84be1f0a0f43afe14e55d9ec.dll,#1
  2⤵
  PID:296

memory/296-55-0x0000000074DE1000-0x0000000074DE3000-memory.dmp

Filesize
8KB

Download
memory/296-56-0x0000000010000000-0x000000001005D000-memory.dmp

Filesize
372KB

Download
memory/296-57-0x0000000000181000-0x0000000000191000-memory.dmp

Filesize
64KB

Download