965a78b7769711f1bf3f022a16ec3fb104a3e51721dc56af07d193031c87bba9

Analysis

max time kernel
11s
max time network
46s
platform
windows7_x64
resource
win7-20220812-en
resource tags

arch:x64arch:x86image:win7-20220812-enlocale:en-usos:windows7-x64system
submitted
05/12/2022, 11:55

Target

965a78b7769711f1bf3f022a16ec3fb104a3e51721dc56af07d193031c87bba9.dll
Size

24KB
MD5

f356595a10151e08e945fcff3c686930
SHA1

477a0cd6506267415596d638949e9f88f6b96c6b
SHA256

965a78b7769711f1bf3f022a16ec3fb104a3e51721dc56af07d193031c87bba9
SHA512

7380b91875163ad70fba750a383572d4cac6b4a182ca061a6299865c4ee7f7281fac42df456dc2589d83ae564cb4c5e6fd3637dd76c8158797754d72cff43e5d
SSDEEP

384:uRCJ8mkOMEPbqqCs3sgULbiRAnJqJGu2rQL9aC/o7k5mpuYKwmT63HEUKAOvo78B:PJ5zdDxF32xcJ92rQLz/9mAwmuXRiZWC

Score

4^/10

Drops file in Windows directory 4 IoCs

description	ioc	Process
File created	C:\Windows\twain_86.dll	rundll32.exe
File opened for modification	C:\Windows\clbcatq.dll569646030	rundll32.exe
File opened for modification	C:\Windows\linkinfo.dll1586710282	rundll32.exe
File created	C:\Windows\linkinfo.dll	rundll32.exe

Suspicious use of WriteProcessMemory 7 IoCs

description	pid	Process	procid_target
PID 1880 wrote to memory of 1400	1880	rundll32.exe	28
PID 1880 wrote to memory of 1400	1880	rundll32.exe	28
PID 1880 wrote to memory of 1400	1880	rundll32.exe	28
PID 1880 wrote to memory of 1400	1880	rundll32.exe	28
PID 1880 wrote to memory of 1400	1880	rundll32.exe	28
PID 1880 wrote to memory of 1400	1880	rundll32.exe	28
PID 1880 wrote to memory of 1400	1880	rundll32.exe	28

C:\Windows\system32\rundll32.exe
rundll32.exe C:\Users\Admin\AppData\Local\Temp\965a78b7769711f1bf3f022a16ec3fb104a3e51721dc56af07d193031c87bba9.dll,#1
1⤵
- Suspicious use of WriteProcessMemory
PID:1880
- C:\Windows\SysWOW64\rundll32.exe
  rundll32.exe C:\Users\Admin\AppData\Local\Temp\965a78b7769711f1bf3f022a16ec3fb104a3e51721dc56af07d193031c87bba9.dll,#1
  2⤵
  - Drops file in Windows directory
  PID:1400

memory/1400-55-0x0000000075FB1000-0x0000000075FB3000-memory.dmp

Filesize
8KB

Download
memory/1400-56-0x0000000074821000-0x0000000074823000-memory.dmp

Filesize
8KB

Download
memory/1400-57-0x0000000013140000-0x000000001314A000-memory.dmp

Filesize
40KB

Download