c860cd97a8312eadc9a3f2d9b63e5e8f2b06fa1c87063823eb18e883298828c5

Analysis

max time kernel
2s
max time network
33s
platform
windows7_x64
resource
win7-20221111-en
resource tags

arch:x64arch:x86image:win7-20221111-enlocale:en-usos:windows7-x64system
submitted
05-12-2022 06:07

Target

c860cd97a8312eadc9a3f2d9b63e5e8f2b06fa1c87063823eb18e883298828c5.dll
Size

163KB
MD5

f9b53f0209ea15c878e8dbee37a2a289
SHA1

387f94ca6e9574508db9145c6ba436b318f6fd87
SHA256

c860cd97a8312eadc9a3f2d9b63e5e8f2b06fa1c87063823eb18e883298828c5
SHA512

3810cf373a1c0522a3a52dd851f027c1db0288ff5efbb4a1702b8f4301523e92615f902c66f87887c31c8cf11fd972b7559a86533b5eb6be12ea1c31467b6cb5
SSDEEP

3072:MHVEk9YaXoLoZL1Zl4+OElbPdp/QSVH1Y6:M1jWaXo8YdExXVH15

Score

1^/10

Suspicious use of WriteProcessMemory 7 IoCs

description	pid	Process	procid_target
PID 1748 wrote to memory of 2036	1748	rundll32.exe	28
PID 1748 wrote to memory of 2036	1748	rundll32.exe	28
PID 1748 wrote to memory of 2036	1748	rundll32.exe	28
PID 1748 wrote to memory of 2036	1748	rundll32.exe	28
PID 1748 wrote to memory of 2036	1748	rundll32.exe	28
PID 1748 wrote to memory of 2036	1748	rundll32.exe	28
PID 1748 wrote to memory of 2036	1748	rundll32.exe	28

C:\Windows\system32\rundll32.exe
rundll32.exe C:\Users\Admin\AppData\Local\Temp\c860cd97a8312eadc9a3f2d9b63e5e8f2b06fa1c87063823eb18e883298828c5.dll,#1
1⤵
- Suspicious use of WriteProcessMemory
PID:1748
- C:\Windows\SysWOW64\rundll32.exe
  rundll32.exe C:\Users\Admin\AppData\Local\Temp\c860cd97a8312eadc9a3f2d9b63e5e8f2b06fa1c87063823eb18e883298828c5.dll,#1
  2⤵
  PID:2036

memory/2036-54-0x0000000000000000-mapping.dmp

Download
memory/2036-55-0x0000000076381000-0x0000000076383000-memory.dmp

Filesize
8KB

Download
memory/2036-56-0x0000000010000000-0x0000000010034000-memory.dmp

Filesize
208KB

Download
memory/2036-57-0x00000000000F0000-0x00000000000FA000-memory.dmp

Filesize
40KB

Download
memory/2036-61-0x0000000010000000-0x0000000010034000-memory.dmp

Filesize
208KB

Download