43d22d85510d2541941d25aa095d3d04fb9ed52ea93c38ec3e4541a810d26541

Analysis

max time kernel
42s
max time network
45s
platform
windows7_x64
resource
win7-20220812-en
resource tags

arch:x64arch:x86image:win7-20220812-enlocale:en-usos:windows7-x64system
submitted
25-01-2023 10:42

Target

c73e53cbb7b98feafe27cc7de8fdad51df438e2235e91891461c5123888f73cc.dll
Size

2.0MB
MD5

4eb0347e66fa465f602e52c03e5c0b4b
SHA1

fdfedb72614d10766565b7f12ab87f1fdca3ea81
SHA256

c73e53cbb7b98feafe27cc7de8fdad51df438e2235e91891461c5123888f73cc
SHA512

4c909a451059628119f92b2f0c8bcd67b31f63b57d5339b6ce8fd930be5c9baf261339fdd9da820321be497df8889ce7594b7bfaadbaa43c694156651bf6c1fd
SSDEEP

49152:FtDCT6XR9MsiubS8JDv6BzxllWR08G2rBqPnkvZ4yEuuk:FQW/DiubdJL6BzxlY08G2rBqPnkJ

Score

1^/10

Suspicious behavior: EnumeratesProcesses 1 IoCs

Processes:

rundll32.exe

pid process

2028 rundll32.exe

pid	process
2028	rundll32.exe

Suspicious use of WriteProcessMemory 7 IoCs

Processes:

rundll32.exe

description	pid	process	target process
PID 980 wrote to memory of 2028	980	rundll32.exe	rundll32.exe
PID 980 wrote to memory of 2028	980	rundll32.exe	rundll32.exe
PID 980 wrote to memory of 2028	980	rundll32.exe	rundll32.exe
PID 980 wrote to memory of 2028	980	rundll32.exe	rundll32.exe
PID 980 wrote to memory of 2028	980	rundll32.exe	rundll32.exe
PID 980 wrote to memory of 2028	980	rundll32.exe	rundll32.exe
PID 980 wrote to memory of 2028	980	rundll32.exe	rundll32.exe

C:\Windows\system32\rundll32.exe
rundll32.exe C:\Users\Admin\AppData\Local\Temp\c73e53cbb7b98feafe27cc7de8fdad51df438e2235e91891461c5123888f73cc.dll,#1
1⤵
- Suspicious use of WriteProcessMemory
PID:980

C:\Windows\SysWOW64\rundll32.exe
rundll32.exe C:\Users\Admin\AppData\Local\Temp\c73e53cbb7b98feafe27cc7de8fdad51df438e2235e91891461c5123888f73cc.dll,#1
2⤵
- Suspicious behavior: EnumeratesProcesses
PID:2028

memory/2028-54-0x0000000000000000-mapping.dmp

Download
memory/2028-55-0x0000000075811000-0x0000000075813000-memory.dmp

Filesize
8KB

Download