d0700a48e1297ad4e08f7031d94f87a50a01fe6d1d7ae5f1f19a5bd213d7af44

Analysis

max time kernel
47s
max time network
46s
platform
windows7_x64
resource
win7-20220812-en
resource tags

arch:x64arch:x86image:win7-20220812-enlocale:en-usos:windows7-x64system
submitted
15/01/2023, 20:08 UTC

Target

d0700a48e1297ad4e08f7031d94f87a50a01fe6d1d7ae5f1f19a5bd213d7af44.dll
Size

1.2MB
MD5

9a0a0b773e479d0352d73f808f98fc6b
SHA1

730c7523af72febf6f5e6fccb8f927db1f77e8fb
SHA256

d0700a48e1297ad4e08f7031d94f87a50a01fe6d1d7ae5f1f19a5bd213d7af44
SHA512

1b8d4c102bc3db1be86ccb8268f9670e27858b3c91aa91f816576231e3eee759228125ba5a60bb6bd648450660f1bc37dd994536983167ab755aecacd24edefd
SSDEEP

24576:VMMT4aRDPp9/kj9lkk3UwSVvv+Po5emXvobZkUkEGyiTy7lstAR08xdBJuTINbV/:JBPTolkk32v5X6ZkAJcAR0UJuTINbVQl

Score

1^/10

Suspicious use of WriteProcessMemory 7 IoCs

description	pid	Process	procid_target
PID 1388 wrote to memory of 1604	1388	rundll32.exe	28
PID 1388 wrote to memory of 1604	1388	rundll32.exe	28
PID 1388 wrote to memory of 1604	1388	rundll32.exe	28
PID 1388 wrote to memory of 1604	1388	rundll32.exe	28
PID 1388 wrote to memory of 1604	1388	rundll32.exe	28
PID 1388 wrote to memory of 1604	1388	rundll32.exe	28
PID 1388 wrote to memory of 1604	1388	rundll32.exe	28

C:\Windows\system32\rundll32.exe
rundll32.exe C:\Users\Admin\AppData\Local\Temp\d0700a48e1297ad4e08f7031d94f87a50a01fe6d1d7ae5f1f19a5bd213d7af44.dll,#1
1⤵
- Suspicious use of WriteProcessMemory
PID:1388
- C:\Windows\SysWOW64\rundll32.exe
  rundll32.exe C:\Users\Admin\AppData\Local\Temp\d0700a48e1297ad4e08f7031d94f87a50a01fe6d1d7ae5f1f19a5bd213d7af44.dll,#1
  2⤵
  PID:1604

memory/1604-55-0x00000000751A1000-0x00000000751A3000-memory.dmp

Filesize
8KB

Download