b259ae8df6f050d336cd3dd3e9b9b0a4167e1ce843cd11f0227bce4719f99b78

Analysis

max time kernel
45s
max time network
52s
platform
windows7_x64
resource
win7-20220901-en
resource tags

arch:x64arch:x86image:win7-20220901-enlocale:en-usos:windows7-x64system
submitted
06-12-2022 13:59

Target

b259ae8df6f050d336cd3dd3e9b9b0a4167e1ce843cd11f0227bce4719f99b78.dll
Size

91KB
MD5

54537be30cf94dc682480b520a2ea860
SHA1

0e4a6811752ca0766bb13c3df117577edffaa236
SHA256

b259ae8df6f050d336cd3dd3e9b9b0a4167e1ce843cd11f0227bce4719f99b78
SHA512

af581c005d8736c77511e006ff0377bcb70a6ab639b0d10df5e5b0f732381d69893d4a791c6608c6c253bb1efc0218192705a4a29c49a376a2597418eb52da4c
SSDEEP

1536:2g3XHo8H4rUmQwjaGL7NL1IkkDh5tQpbtuU4jPSaUOnEZ+mwgp6viFXoSMOV67ns:pnI8H4YmQnGL7NL13ShQWVfE/w9viiSN

Score

1^/10

Suspicious use of WriteProcessMemory 7 IoCs

description	pid	Process	procid_target
PID 948 wrote to memory of 988	948	rundll32.exe	27
PID 948 wrote to memory of 988	948	rundll32.exe	27
PID 948 wrote to memory of 988	948	rundll32.exe	27
PID 948 wrote to memory of 988	948	rundll32.exe	27
PID 948 wrote to memory of 988	948	rundll32.exe	27
PID 948 wrote to memory of 988	948	rundll32.exe	27
PID 948 wrote to memory of 988	948	rundll32.exe	27

C:\Windows\system32\rundll32.exe
rundll32.exe C:\Users\Admin\AppData\Local\Temp\b259ae8df6f050d336cd3dd3e9b9b0a4167e1ce843cd11f0227bce4719f99b78.dll,#1
1⤵
- Suspicious use of WriteProcessMemory
PID:948
- C:\Windows\SysWOW64\rundll32.exe
  rundll32.exe C:\Users\Admin\AppData\Local\Temp\b259ae8df6f050d336cd3dd3e9b9b0a4167e1ce843cd11f0227bce4719f99b78.dll,#1
  2⤵
  PID:988

memory/988-55-0x0000000076961000-0x0000000076963000-memory.dmp

Filesize
8KB

Download
memory/988-56-0x0000000010000000-0x000000001002A000-memory.dmp

Filesize
168KB

Download
memory/988-57-0x00000000001A0000-0x00000000001A8000-memory.dmp

Filesize
32KB

Download