dd1cbfca8c2e3cc5852d38cc2921b654249a19f273d287dd3dfa2823e42d9798

Analysis

max time kernel
43s
max time network
50s
platform
windows7_x64
resource
win7-20220901-en
resource tags

arch:x64arch:x86image:win7-20220901-enlocale:en-usos:windows7-x64system
submitted
04/12/2022, 14:20

Target

dd1cbfca8c2e3cc5852d38cc2921b654249a19f273d287dd3dfa2823e42d9798.dll
Size

25KB
MD5

e2f3ba256946b9dc7220aa1707d9f560
SHA1

0db6987780550fe74c41e79bf954ba27d0a5030d
SHA256

dd1cbfca8c2e3cc5852d38cc2921b654249a19f273d287dd3dfa2823e42d9798
SHA512

fa39f2d7c1b1017a2e409fffc6667fac7048e721c33a2ec3ae12a6dfceffde0e49f71c850516b703fe0830ef7b43ea72f8ed6317130c91b1f532473e0171ee14
SSDEEP

384:LGNWb6WsjUiufju2IhVe1nW3AS/G9xoRdhb7lhCS3yjTqoa3oxtmlxRR8/:gWb64LC2IhI1sAS/axoRd9lhyHqE/ml6

Score

1^/10

Suspicious use of WriteProcessMemory 7 IoCs

description	pid	Process	procid_target
PID 1292 wrote to memory of 1160	1292	rundll32.exe	17
PID 1292 wrote to memory of 1160	1292	rundll32.exe	17
PID 1292 wrote to memory of 1160	1292	rundll32.exe	17
PID 1292 wrote to memory of 1160	1292	rundll32.exe	17
PID 1292 wrote to memory of 1160	1292	rundll32.exe	17
PID 1292 wrote to memory of 1160	1292	rundll32.exe	17
PID 1292 wrote to memory of 1160	1292	rundll32.exe	17

C:\Windows\system32\rundll32.exe
rundll32.exe C:\Users\Admin\AppData\Local\Temp\dd1cbfca8c2e3cc5852d38cc2921b654249a19f273d287dd3dfa2823e42d9798.dll,#1
1⤵
- Suspicious use of WriteProcessMemory
PID:1292
- C:\Windows\SysWOW64\rundll32.exe
  rundll32.exe C:\Users\Admin\AppData\Local\Temp\dd1cbfca8c2e3cc5852d38cc2921b654249a19f273d287dd3dfa2823e42d9798.dll,#1
  2⤵
  PID:1160

memory/1160-55-0x00000000762E1000-0x00000000762E3000-memory.dmp

Filesize
8KB

Download
memory/1160-56-0x0000000010000000-0x0000000010012000-memory.dmp

Filesize
72KB

Download