6fb0ad3f756b5d1f871cf34c3e4ea47cb34643cd17709a09c25076c400313adf

Analysis

max time kernel
43s
max time network
45s
platform
windows7_x64
resource
win7-20220812-en
resource tags

arch:x64arch:x86image:win7-20220812-enlocale:en-usos:windows7-x64system
submitted
04-01-2023 19:31

Target

3ec45659c2bc03e9e1a4d54d0476c06fe3ebfef8.dll
Size

1.4MB
MD5

3e1b04282d2d7d5b48a6de81c34a564f
SHA1

3ec45659c2bc03e9e1a4d54d0476c06fe3ebfef8
SHA256

6fb0ad3f756b5d1f871cf34c3e4ea47cb34643cd17709a09c25076c400313adf
SHA512

a098efa2533cab955377480aedb81937fc5cb8caa84260528d309cd13ddfa7b1a28155d36355cb38f369d30e20125df50a6523884c152359c6b53655cf1a39d0
SSDEEP

24576:gsZLRYbIQfH9mE91jsNQtQ5dIiu0WdzVt8UoBWpCN2CmazALe7WzpmV:g8LRYb3HzePlu0wgKetqKWVm

Score

1^/10

Suspicious use of WriteProcessMemory 7 IoCs

description	pid	Process	procid_target
PID 872 wrote to memory of 1724	872	rundll32.exe	27
PID 872 wrote to memory of 1724	872	rundll32.exe	27
PID 872 wrote to memory of 1724	872	rundll32.exe	27
PID 872 wrote to memory of 1724	872	rundll32.exe	27
PID 872 wrote to memory of 1724	872	rundll32.exe	27
PID 872 wrote to memory of 1724	872	rundll32.exe	27
PID 872 wrote to memory of 1724	872	rundll32.exe	27

C:\Windows\system32\rundll32.exe
rundll32.exe C:\Users\Admin\AppData\Local\Temp\3ec45659c2bc03e9e1a4d54d0476c06fe3ebfef8.dll,#1
1⤵
- Suspicious use of WriteProcessMemory
PID:872
- C:\Windows\SysWOW64\rundll32.exe
  rundll32.exe C:\Users\Admin\AppData\Local\Temp\3ec45659c2bc03e9e1a4d54d0476c06fe3ebfef8.dll,#1
  2⤵
  PID:1724

memory/1724-54-0x0000000000000000-mapping.dmp

Download
memory/1724-55-0x0000000074AD1000-0x0000000074AD3000-memory.dmp

Filesize
8KB

Download
memory/1724-56-0x0000000010000000-0x0000000010175000-memory.dmp

Filesize
1.5MB

Download
memory/1724-57-0x0000000000730000-0x000000000084D000-memory.dmp

Filesize
1.1MB

Download
memory/1724-58-0x0000000000730000-0x00000000007F0000-memory.dmp

Filesize
768KB

Download
memory/1724-59-0x0000000000890000-0x000000000093A000-memory.dmp

Filesize
680KB

Download
memory/1724-62-0x0000000010000000-0x0000000010106000-memory.dmp

Filesize
1.0MB

Download