46a66f8c84ec19b6227d07aa33af2dcd8c100b706f19b3ca797e72b224617297

Analysis

max time kernel
41s
max time network
34s
platform
windows7_x64
resource
win7-20221111-en
resource tags

arch:x64arch:x86image:win7-20221111-enlocale:en-usos:windows7-x64system
submitted
03/02/2023, 19:25

Target

77c3520bd6814c20a4487e6f6fd30a0b37f3861e.dll
Size

1.6MB
MD5

dd55065680f0c2ffb650d6ce1821ad88
SHA1

77c3520bd6814c20a4487e6f6fd30a0b37f3861e
SHA256

46a66f8c84ec19b6227d07aa33af2dcd8c100b706f19b3ca797e72b224617297
SHA512

001b5e9b258d2b2d112de6cf9522385c2fbafda0d826111f9d48506f6b2c6e7415fcd9372ced93dd06983ec6521483baddc7bbdd28e2ed37c9aaa905aae49201
SSDEEP

12288:MAZPe+plu7uwe241xreSAcefw3d3NhuYuJ7QJuucFIdudjlVnNfv80sWJf56Ihyv:MAZVp6j3HX5nx

Score

1^/10

Suspicious use of WriteProcessMemory 7 IoCs

description	pid	Process	procid_target
PID 844 wrote to memory of 316	844	rundll32.exe	28
PID 844 wrote to memory of 316	844	rundll32.exe	28
PID 844 wrote to memory of 316	844	rundll32.exe	28
PID 844 wrote to memory of 316	844	rundll32.exe	28
PID 844 wrote to memory of 316	844	rundll32.exe	28
PID 844 wrote to memory of 316	844	rundll32.exe	28
PID 844 wrote to memory of 316	844	rundll32.exe	28

C:\Windows\system32\rundll32.exe
rundll32.exe C:\Users\Admin\AppData\Local\Temp\77c3520bd6814c20a4487e6f6fd30a0b37f3861e.dll,#1
1⤵
- Suspicious use of WriteProcessMemory
PID:844
- C:\Windows\SysWOW64\rundll32.exe
  rundll32.exe C:\Users\Admin\AppData\Local\Temp\77c3520bd6814c20a4487e6f6fd30a0b37f3861e.dll,#1
  2⤵
  PID:316

memory/316-55-0x0000000074DA1000-0x0000000074DA3000-memory.dmp

Filesize
8KB

Download