db767504cc0a4959f4230ec2875988cd0b1f23e9c2087606993d02736ff2578b

Analysis

max time kernel
244s
max time network
337s
platform
windows7_x64
resource
win7-20221111-en
resource tags

arch:x64arch:x86image:win7-20221111-enlocale:en-usos:windows7-x64system
submitted
04-12-2022 14:32

Target

db767504cc0a4959f4230ec2875988cd0b1f23e9c2087606993d02736ff2578b.dll
Size

95KB
MD5

21d7e446348def747c41365b3d86ef3b
SHA1

4e3936142277e078841f31aee1b1445e47b8e964
SHA256

db767504cc0a4959f4230ec2875988cd0b1f23e9c2087606993d02736ff2578b
SHA512

877c7f94a525daa4af029d82c37c40319db1370c7a7b92bcd1857c2ee05968d0ce559a37957d0b6bbccc91fc803af45ae56379f7dd0e8c42cfaa687ac058bee2
SSDEEP

1536:/YGGGBDexeOrAN0zor/uYaiwxcJ11fnwq0KTw+2Z0gNZTfY:/TGEAkNxuY3wxm1tnwqDTw+2Z0gNZTfY

Score

1^/10

Suspicious use of WriteProcessMemory 7 IoCs

description	pid	Process	procid_target
PID 748 wrote to memory of 1028	748	rundll32.exe	28
PID 748 wrote to memory of 1028	748	rundll32.exe	28
PID 748 wrote to memory of 1028	748	rundll32.exe	28
PID 748 wrote to memory of 1028	748	rundll32.exe	28
PID 748 wrote to memory of 1028	748	rundll32.exe	28
PID 748 wrote to memory of 1028	748	rundll32.exe	28
PID 748 wrote to memory of 1028	748	rundll32.exe	28

C:\Windows\system32\rundll32.exe
rundll32.exe C:\Users\Admin\AppData\Local\Temp\db767504cc0a4959f4230ec2875988cd0b1f23e9c2087606993d02736ff2578b.dll,#1
1⤵
- Suspicious use of WriteProcessMemory
PID:748
- C:\Windows\SysWOW64\rundll32.exe
  rundll32.exe C:\Users\Admin\AppData\Local\Temp\db767504cc0a4959f4230ec2875988cd0b1f23e9c2087606993d02736ff2578b.dll,#1
  2⤵
  PID:1028

memory/1028-55-0x0000000075E01000-0x0000000075E03000-memory.dmp

Filesize
8KB

Download