35dcf7bdc7f5bbdface842b2566dd15e015bc8ca77d6031a531ef5b167ca798f

Analysis

max time kernel
37s
max time network
45s
platform
windows7_x64
resource
win7-20220812-en
resource tags

arch:x64arch:x86image:win7-20220812-enlocale:en-usos:windows7-x64system
submitted
05/12/2022, 15:09

Target

35dcf7bdc7f5bbdface842b2566dd15e015bc8ca77d6031a531ef5b167ca798f.dll
Size

150KB
MD5

1cb5b879df22321c0d0cbb881b4eb209
SHA1

83280f83ad0e519a900c5e964e8f6ec9ba682a23
SHA256

35dcf7bdc7f5bbdface842b2566dd15e015bc8ca77d6031a531ef5b167ca798f
SHA512

8cf4ca4fe2dfda5de84417c190164077bc64231a1dd44a0e0adeb437cce68d43c6d298cc70ff07e8d164875cf6b07443e01d8110f360623474a907987a7499cb
SSDEEP

1536:H+UsINIJkuvfZ/AuwZnfiK1De0YiFi5IdKGm0+B1jJwmQRZChwvDH+nfw:GiyxvfGZfJDeYN/mN3EuW6fw

Score

1^/10

Suspicious use of WriteProcessMemory 7 IoCs

description	pid	Process	procid_target
PID 1472 wrote to memory of 1116	1472	rundll32.exe	27
PID 1472 wrote to memory of 1116	1472	rundll32.exe	27
PID 1472 wrote to memory of 1116	1472	rundll32.exe	27
PID 1472 wrote to memory of 1116	1472	rundll32.exe	27
PID 1472 wrote to memory of 1116	1472	rundll32.exe	27
PID 1472 wrote to memory of 1116	1472	rundll32.exe	27
PID 1472 wrote to memory of 1116	1472	rundll32.exe	27

C:\Windows\system32\rundll32.exe
rundll32.exe C:\Users\Admin\AppData\Local\Temp\35dcf7bdc7f5bbdface842b2566dd15e015bc8ca77d6031a531ef5b167ca798f.dll,#1
1⤵
- Suspicious use of WriteProcessMemory
PID:1472
- C:\Windows\SysWOW64\rundll32.exe
  rundll32.exe C:\Users\Admin\AppData\Local\Temp\35dcf7bdc7f5bbdface842b2566dd15e015bc8ca77d6031a531ef5b167ca798f.dll,#1
  2⤵
  PID:1116

memory/1116-55-0x0000000074C11000-0x0000000074C13000-memory.dmp

Filesize
8KB

Download
memory/1116-56-0x0000000010000000-0x0000000010029000-memory.dmp

Filesize
164KB

Download