01b3b9e5a15076b73e2ef75f376db6f7bd57555af597fd942e4eadd5b054ba8e

Analysis

max time kernel
39s
max time network
43s
platform
windows7_x64
resource
win7-20220812-en
resource tags

arch:x64arch:x86image:win7-20220812-enlocale:en-usos:windows7-x64system
submitted
05/12/2022, 13:43

Target

01b3b9e5a15076b73e2ef75f376db6f7bd57555af597fd942e4eadd5b054ba8e.dll
Size

271KB
MD5

dd70f8417e49dadec47dfb2c608ebf30
SHA1

56b258b5ca67b903cedc45c9790fe7722c785fd1
SHA256

01b3b9e5a15076b73e2ef75f376db6f7bd57555af597fd942e4eadd5b054ba8e
SHA512

245479c7e817ef1d072f375686101d6a896146669c582bf25eeacc9bc7bf7501eb39ef75c9de731f2a2cb50b8a5cc6f5730490f5294594df57ce9ca048ce436d
SSDEEP

3072:InMoFkOKCg3CXmSSZlzgeBTg4vRPo5NNFs+XNtUU/chmcFTulOVq5pNO8ZCGbZvb:IMJOWK4l0wqOVq1VZvKTbKz9

Score

1^/10

Suspicious use of WriteProcessMemory 7 IoCs

description	pid	Process	procid_target
PID 1516 wrote to memory of 2012	1516	rundll32.exe	27
PID 1516 wrote to memory of 2012	1516	rundll32.exe	27
PID 1516 wrote to memory of 2012	1516	rundll32.exe	27
PID 1516 wrote to memory of 2012	1516	rundll32.exe	27
PID 1516 wrote to memory of 2012	1516	rundll32.exe	27
PID 1516 wrote to memory of 2012	1516	rundll32.exe	27
PID 1516 wrote to memory of 2012	1516	rundll32.exe	27

C:\Windows\system32\rundll32.exe
rundll32.exe C:\Users\Admin\AppData\Local\Temp\01b3b9e5a15076b73e2ef75f376db6f7bd57555af597fd942e4eadd5b054ba8e.dll,#1
1⤵
- Suspicious use of WriteProcessMemory
PID:1516
- C:\Windows\SysWOW64\rundll32.exe
  rundll32.exe C:\Users\Admin\AppData\Local\Temp\01b3b9e5a15076b73e2ef75f376db6f7bd57555af597fd942e4eadd5b054ba8e.dll,#1
  2⤵
  PID:2012

memory/2012-55-0x0000000075841000-0x0000000075843000-memory.dmp

Filesize
8KB

Download
memory/2012-56-0x0000000010000000-0x0000000010048000-memory.dmp

Filesize
288KB

Download