d80dc520c1d239ffbf9098c675271048c8d3ef716f04a3dd97a8ce7cbba9081b

Analysis

max time kernel
37s
max time network
40s
platform
windows7_x64
resource
win7-20220812-en
resource tags

arch:x64arch:x86image:win7-20220812-enlocale:en-usos:windows7-x64system
submitted
06-12-2022 01:31

Target

d80dc520c1d239ffbf9098c675271048c8d3ef716f04a3dd97a8ce7cbba9081b.dll
Size

73KB
MD5

0cffc6f81dccbc6bbe11fd0ecb39c1fc
SHA1

8f4b56f3fc752a7fef637835b531c651005c10de
SHA256

d80dc520c1d239ffbf9098c675271048c8d3ef716f04a3dd97a8ce7cbba9081b
SHA512

29daa2fb0d9962932472fdf8007f99804fc8cc76df858d8af65cadf6ebd4d39ed777ba2e26c1c2d9e4450ba10b53f7d7f20710cb3083b864557a4fa666f41629
SSDEEP

1536:HKvv9jeCw6l9n+Eu2JvQAqYYj/lhl/43jWXWeZQnSb56HXbyHHUX27f:TSHu2thfYLZ43jWXhGK56HXE02

Score

1^/10

Suspicious use of WriteProcessMemory 7 IoCs

description	pid	Process	procid_target
PID 1192 wrote to memory of 1400	1192	rundll32.exe	27
PID 1192 wrote to memory of 1400	1192	rundll32.exe	27
PID 1192 wrote to memory of 1400	1192	rundll32.exe	27
PID 1192 wrote to memory of 1400	1192	rundll32.exe	27
PID 1192 wrote to memory of 1400	1192	rundll32.exe	27
PID 1192 wrote to memory of 1400	1192	rundll32.exe	27
PID 1192 wrote to memory of 1400	1192	rundll32.exe	27

C:\Windows\system32\rundll32.exe
rundll32.exe C:\Users\Admin\AppData\Local\Temp\d80dc520c1d239ffbf9098c675271048c8d3ef716f04a3dd97a8ce7cbba9081b.dll,#1
1⤵
- Suspicious use of WriteProcessMemory
PID:1192
- C:\Windows\SysWOW64\rundll32.exe
  rundll32.exe C:\Users\Admin\AppData\Local\Temp\d80dc520c1d239ffbf9098c675271048c8d3ef716f04a3dd97a8ce7cbba9081b.dll,#1
  2⤵
  PID:1400

memory/1400-54-0x0000000000000000-mapping.dmp

Download
memory/1400-55-0x0000000076701000-0x0000000076703000-memory.dmp

Filesize
8KB

Download