bad3e5cb25f10709e91bbe489adb2535aa7d8347c7f467d7f9b87f51d0e4f92a

Analysis

max time kernel
89s
max time network
34s
platform
windows7_x64
resource
win7-20221111-en
resource tags

arch:x64arch:x86image:win7-20221111-enlocale:en-usos:windows7-x64system
submitted
06-12-2022 01:26

Target

bad3e5cb25f10709e91bbe489adb2535aa7d8347c7f467d7f9b87f51d0e4f92a.dll
Size

82KB
MD5

53a4ed15460912c58148a4009f8da265
SHA1

49b64961842c66746dce52a8e8b3d3e2ee94d640
SHA256

bad3e5cb25f10709e91bbe489adb2535aa7d8347c7f467d7f9b87f51d0e4f92a
SHA512

2ac3adff7f69a6bd2ef9d6e06bda1127b8e42667aea5bbde0bfcdebe3899ace21051f25cbada87f32f0ba35903760ddf5b48236e72d0c9d673dc7070c71d19fd
SSDEEP

1536:tksmsapPV5JIalyQSvLmjhlQhUGExAmUuQY06:esmsaprJIqSvLmjhlQUGEya06

Score

1^/10

Suspicious use of WriteProcessMemory 7 IoCs

description	pid	Process	procid_target
PID 1740 wrote to memory of 2040	1740	rundll32.exe	28
PID 1740 wrote to memory of 2040	1740	rundll32.exe	28
PID 1740 wrote to memory of 2040	1740	rundll32.exe	28
PID 1740 wrote to memory of 2040	1740	rundll32.exe	28
PID 1740 wrote to memory of 2040	1740	rundll32.exe	28
PID 1740 wrote to memory of 2040	1740	rundll32.exe	28
PID 1740 wrote to memory of 2040	1740	rundll32.exe	28

C:\Windows\system32\rundll32.exe
rundll32.exe C:\Users\Admin\AppData\Local\Temp\bad3e5cb25f10709e91bbe489adb2535aa7d8347c7f467d7f9b87f51d0e4f92a.dll,#1
1⤵
- Suspicious use of WriteProcessMemory
PID:1740
- C:\Windows\SysWOW64\rundll32.exe
  rundll32.exe C:\Users\Admin\AppData\Local\Temp\bad3e5cb25f10709e91bbe489adb2535aa7d8347c7f467d7f9b87f51d0e4f92a.dll,#1
  2⤵
  PID:2040

memory/2040-54-0x0000000000000000-mapping.dmp

Download
memory/2040-55-0x0000000075E81000-0x0000000075E83000-memory.dmp

Filesize
8KB

Download