d530b6c63c1c3651189346c1685dd28e07753325c913d5978293cbc62cb4f47e

Analysis

max time kernel
33s
max time network
41s
platform
windows7_x64
resource
win7-20220812-en
resource tags

arch:x64arch:x86image:win7-20220812-enlocale:en-usos:windows7-x64system
submitted
06-12-2022 20:18

Target

d530b6c63c1c3651189346c1685dd28e07753325c913d5978293cbc62cb4f47e.dll
Size

6.4MB
MD5

628a0c78317dd3868e30740cb2ba2cf5
SHA1

52132c8ef465e7f5b7ba6793c0e13596fb1387c3
SHA256

d530b6c63c1c3651189346c1685dd28e07753325c913d5978293cbc62cb4f47e
SHA512

6592f77f1ea9b84c42aa261a74de804f49bdc975a9e10eff930ff64c05c05d9fda05c11ff20cbe344a766e4de4e3f82dff534f5cbcd84ea3543f268def4c5cdc
SSDEEP

1536:Bsc3ZQClsvD61hix2a6wKtr0koeKNb5Q5/JUr7GRk4YUsn1HUa:Oc3ZQCS7qiYtrorb5w/JUr7GRRYUs1f

Score

1^/10

Suspicious use of WriteProcessMemory 7 IoCs

description	pid	Process	procid_target
PID 1192 wrote to memory of 1400	1192	rundll32.exe	27
PID 1192 wrote to memory of 1400	1192	rundll32.exe	27
PID 1192 wrote to memory of 1400	1192	rundll32.exe	27
PID 1192 wrote to memory of 1400	1192	rundll32.exe	27
PID 1192 wrote to memory of 1400	1192	rundll32.exe	27
PID 1192 wrote to memory of 1400	1192	rundll32.exe	27
PID 1192 wrote to memory of 1400	1192	rundll32.exe	27

C:\Windows\system32\rundll32.exe
rundll32.exe C:\Users\Admin\AppData\Local\Temp\d530b6c63c1c3651189346c1685dd28e07753325c913d5978293cbc62cb4f47e.dll,#1
1⤵
- Suspicious use of WriteProcessMemory
PID:1192
- C:\Windows\SysWOW64\rundll32.exe
  rundll32.exe C:\Users\Admin\AppData\Local\Temp\d530b6c63c1c3651189346c1685dd28e07753325c913d5978293cbc62cb4f47e.dll,#1
  2⤵
  PID:1400

memory/1400-54-0x0000000000000000-mapping.dmp

Download
memory/1400-55-0x0000000076701000-0x0000000076703000-memory.dmp

Filesize
8KB

Download