dd5b8e70a1d488fd1b2c6a0aecab8b3ce40f348b84c626902bd4c8e513769241

Analysis

max time kernel
43s
max time network
49s
platform
windows7_x64
resource
win7-20220901-en
resource tags

arch:x64arch:x86image:win7-20220901-enlocale:en-usos:windows7-x64system
submitted
05/12/2022, 16:19

Target

dd5b8e70a1d488fd1b2c6a0aecab8b3ce40f348b84c626902bd4c8e513769241.dll
Size

698KB
MD5

b582931d3145fa4deeb8f30d3b9e6eba
SHA1

afa4354b25dda157d757a40d5d68203cbac66946
SHA256

dd5b8e70a1d488fd1b2c6a0aecab8b3ce40f348b84c626902bd4c8e513769241
SHA512

6ad906ed0121ef4250b3475118e673428f89a06be040f605f8a50160dd3d143caec0f02d90b940f242ff69f1619278d0dcede49e2b1b454b1f9e7744fb8bdc93
SSDEEP

12288:6/5jfQY2nNVkNDOWzKOPXS5GscYoGbBgWk1YTBwr9NOW:c943kNDjPP2QIBgWk1YFwr

Score

1^/10

Suspicious use of WriteProcessMemory 7 IoCs

description	pid	Process	procid_target
PID 2012 wrote to memory of 2036	2012	rundll32.exe	27
PID 2012 wrote to memory of 2036	2012	rundll32.exe	27
PID 2012 wrote to memory of 2036	2012	rundll32.exe	27
PID 2012 wrote to memory of 2036	2012	rundll32.exe	27
PID 2012 wrote to memory of 2036	2012	rundll32.exe	27
PID 2012 wrote to memory of 2036	2012	rundll32.exe	27
PID 2012 wrote to memory of 2036	2012	rundll32.exe	27

C:\Windows\system32\rundll32.exe
rundll32.exe C:\Users\Admin\AppData\Local\Temp\dd5b8e70a1d488fd1b2c6a0aecab8b3ce40f348b84c626902bd4c8e513769241.dll,#1
1⤵
- Suspicious use of WriteProcessMemory
PID:2012
- C:\Windows\SysWOW64\rundll32.exe
  rundll32.exe C:\Users\Admin\AppData\Local\Temp\dd5b8e70a1d488fd1b2c6a0aecab8b3ce40f348b84c626902bd4c8e513769241.dll,#1
  2⤵
  PID:2036

memory/2036-55-0x0000000074B51000-0x0000000074B53000-memory.dmp

Filesize
8KB

Download
memory/2036-56-0x00000000006B0000-0x0000000000766000-memory.dmp

Filesize
728KB

Download