f48fe70230def7f5e277468860e8ee34031dfe0b79be7c6c6fbc88732582a3c3

Analysis

max time kernel
17s
max time network
35s
platform
windows7_x64
resource
win7-20221111-en
resource tags

arch:x64arch:x86image:win7-20221111-enlocale:en-usos:windows7-x64system
submitted
06-12-2022 13:58

Target

f48fe70230def7f5e277468860e8ee34031dfe0b79be7c6c6fbc88732582a3c3.dll
Size

640KB
MD5

b755b8867ba092d8242c993a79839d3a
SHA1

2d77fefa5f599da7fe5c0ed69b762a75d5d8ed7d
SHA256

f48fe70230def7f5e277468860e8ee34031dfe0b79be7c6c6fbc88732582a3c3
SHA512

545bc1db840600ac902b58e9eee00828e6c81ce37abb7f22c54489f42db9468fe0c61887ae046ac61c1bab027ca0eb0e629e903353a0ed4c971849516c6e2e08
SSDEEP

12288:0aUK5J88T6F74oXh+G613/4JqmwhMI+TyHoS:0hc88T6ZXh+5vPryI+

Score

1^/10

Suspicious use of WriteProcessMemory 7 IoCs

description	pid	Process	procid_target
PID 1224 wrote to memory of 956	1224	rundll32.exe	28
PID 1224 wrote to memory of 956	1224	rundll32.exe	28
PID 1224 wrote to memory of 956	1224	rundll32.exe	28
PID 1224 wrote to memory of 956	1224	rundll32.exe	28
PID 1224 wrote to memory of 956	1224	rundll32.exe	28
PID 1224 wrote to memory of 956	1224	rundll32.exe	28
PID 1224 wrote to memory of 956	1224	rundll32.exe	28

C:\Windows\system32\rundll32.exe
rundll32.exe C:\Users\Admin\AppData\Local\Temp\f48fe70230def7f5e277468860e8ee34031dfe0b79be7c6c6fbc88732582a3c3.dll,#1
1⤵
- Suspicious use of WriteProcessMemory
PID:1224
- C:\Windows\SysWOW64\rundll32.exe
  rundll32.exe C:\Users\Admin\AppData\Local\Temp\f48fe70230def7f5e277468860e8ee34031dfe0b79be7c6c6fbc88732582a3c3.dll,#1
  2⤵
  PID:956

memory/956-55-0x0000000075931000-0x0000000075933000-memory.dmp

Filesize
8KB

Download
memory/956-56-0x0000000010000000-0x00000000100A2000-memory.dmp

Filesize
648KB

Download
memory/956-57-0x0000000010000000-0x00000000100A2000-memory.dmp

Filesize
648KB

Download