a4fd38b0fb8d33ef0a7ea5a46f26675a641ed5b00bd75be3dd37bf284b48d160

Analysis

max time kernel
31s
max time network
33s
platform
windows7_x64
resource
win7-20221111-en
resource tags

arch:x64arch:x86image:win7-20221111-enlocale:en-usos:windows7-x64system
submitted
22-12-2022 17:43

Target

PayInfo/YouContractChanges.dll
Size

516KB
MD5

874fb02eba380d78258d115af2ec37eb
SHA1

0bd5b9b3ad2be9aa6e8d2386dd75bedba212c6ea
SHA256

2066c699cbe2bc6e5071cddb88eb27499ea405c41d6043ae47853282bd5190cd
SHA512

ec113b9fefd0de07e880d23e49da6b03fdd2d5b75103a1a28b83af1e792b2eb42e1657931d051b8a34603321e8694c4d4a89dbb372d635397e4b6783055a55b0
SSDEEP

6144:wiIqnct7uycRpLrFPQleGc2BpeQvfTiD3MJIyFX+OwjzK9y9KOc6rXPMATcBu:wihnctArBgRprvbiIIAuz19nTMAgc

Score

1^/10

Suspicious use of WriteProcessMemory 7 IoCs

Processes:

rundll32.exe

description	pid	process	target process
PID 912 wrote to memory of 532	912	rundll32.exe	rundll32.exe
PID 912 wrote to memory of 532	912	rundll32.exe	rundll32.exe
PID 912 wrote to memory of 532	912	rundll32.exe	rundll32.exe
PID 912 wrote to memory of 532	912	rundll32.exe	rundll32.exe
PID 912 wrote to memory of 532	912	rundll32.exe	rundll32.exe
PID 912 wrote to memory of 532	912	rundll32.exe	rundll32.exe
PID 912 wrote to memory of 532	912	rundll32.exe	rundll32.exe

C:\Windows\system32\rundll32.exe
rundll32.exe C:\Users\Admin\AppData\Local\Temp\PayInfo\YouContractChanges.dll,#1
1⤵
- Suspicious use of WriteProcessMemory
PID:912

C:\Windows\SysWOW64\rundll32.exe
rundll32.exe C:\Users\Admin\AppData\Local\Temp\PayInfo\YouContractChanges.dll,#1
2⤵
PID:532

memory/532-54-0x0000000000000000-mapping.dmp

Download
memory/532-55-0x0000000075FF1000-0x0000000075FF3000-memory.dmp

Filesize
8KB

Download