89d1dc2c4bfc7978c0f341726f5c8997fbab256f1bb201753d02f1422cf043d6

Analysis

max time kernel
38s
max time network
41s
platform
windows7_x64
resource
win7-20220812-en
resource tags

arch:x64arch:x86image:win7-20220812-enlocale:en-usos:windows7-x64system
submitted
01-02-2023 22:03

Target

89d1dc2c4bfc7978c0f341726f5c8997fbab256f1bb201753d02f1422cf043d6.dll
Size

70KB
MD5

b9e4abfa56990721d8d6954b404198ee
SHA1

2819810b456fc38908e1ed3715f925f2bf0e5720
SHA256

89d1dc2c4bfc7978c0f341726f5c8997fbab256f1bb201753d02f1422cf043d6
SHA512

d72607b7639d0609f4c6fb4e2e30859b502dd9376fc8b6d04b97da4bf98db7b91bb08a93547e60bb8d358b678ded93b31c596c0417e191bdf347a68fed194784
SSDEEP

1536:h6//9uORAesLQ7tu+lbbRqvHQS61Wi/p+7uRzbGvMy:h63AORAesktllbbUvw/1Wix+72Ry

Score

1^/10

Suspicious use of WriteProcessMemory 7 IoCs

description	pid	Process	procid_target
PID 1652 wrote to memory of 2008	1652	rundll32.exe	26
PID 1652 wrote to memory of 2008	1652	rundll32.exe	26
PID 1652 wrote to memory of 2008	1652	rundll32.exe	26
PID 1652 wrote to memory of 2008	1652	rundll32.exe	26
PID 1652 wrote to memory of 2008	1652	rundll32.exe	26
PID 1652 wrote to memory of 2008	1652	rundll32.exe	26
PID 1652 wrote to memory of 2008	1652	rundll32.exe	26

C:\Windows\system32\rundll32.exe
rundll32.exe C:\Users\Admin\AppData\Local\Temp\89d1dc2c4bfc7978c0f341726f5c8997fbab256f1bb201753d02f1422cf043d6.dll,#1
1⤵
- Suspicious use of WriteProcessMemory
PID:1652
- C:\Windows\SysWOW64\rundll32.exe
  rundll32.exe C:\Users\Admin\AppData\Local\Temp\89d1dc2c4bfc7978c0f341726f5c8997fbab256f1bb201753d02f1422cf043d6.dll,#1
  2⤵
  PID:2008

memory/2008-55-0x0000000075FC1000-0x0000000075FC3000-memory.dmp

Filesize
8KB

Download
memory/2008-56-0x00000000001D0000-0x000000000020F000-memory.dmp

Filesize
252KB

Download