39a4c721352df624b616027997c6aeb7a6cdc5d656a581e2b2d925e56b8ea6fc

Analysis

max time kernel
16s
max time network
45s
platform
windows7_x64
resource
win7-20220812-en
resource tags

arch:x64arch:x86image:win7-20220812-enlocale:en-usos:windows7-x64system
submitted
10-02-2023 20:01

Target

39a4c721352df624b616027997c6aeb7a6cdc5d656a581e2b2d925e56b8ea6fc.dll
Size

107KB
MD5

f7e232691ebeb2a88d361703f98bd044
SHA1

eaff769eef60ce7ac76588f3392e1d40e75f25e8
SHA256

39a4c721352df624b616027997c6aeb7a6cdc5d656a581e2b2d925e56b8ea6fc
SHA512

0113f3e21113b9065d1f816d7d0bccf2738d8105bfa84523f91e123b9633580bff183c8dd33de3e40ee0385ff24926e5ce7b3d398560d1b27293b00c51faf04c
SSDEEP

1536:tPdB0xX3By4kWx8hBy1PT+LkNGAkPWa5HVRF83mOeW3qEQY0CBRxmztDpwo3:tVByXxfkWxuo1r+LRfPWqT83mEGCf

Score

1^/10

Suspicious use of WriteProcessMemory 7 IoCs

Processes:

rundll32.exe

description	pid	process	target process
PID 1092 wrote to memory of 1612	1092	rundll32.exe	rundll32.exe
PID 1092 wrote to memory of 1612	1092	rundll32.exe	rundll32.exe
PID 1092 wrote to memory of 1612	1092	rundll32.exe	rundll32.exe
PID 1092 wrote to memory of 1612	1092	rundll32.exe	rundll32.exe
PID 1092 wrote to memory of 1612	1092	rundll32.exe	rundll32.exe
PID 1092 wrote to memory of 1612	1092	rundll32.exe	rundll32.exe
PID 1092 wrote to memory of 1612	1092	rundll32.exe	rundll32.exe

C:\Windows\system32\rundll32.exe
rundll32.exe C:\Users\Admin\AppData\Local\Temp\39a4c721352df624b616027997c6aeb7a6cdc5d656a581e2b2d925e56b8ea6fc.dll,#1
1⤵
- Suspicious use of WriteProcessMemory
PID:1092

C:\Windows\SysWOW64\rundll32.exe
rundll32.exe C:\Users\Admin\AppData\Local\Temp\39a4c721352df624b616027997c6aeb7a6cdc5d656a581e2b2d925e56b8ea6fc.dll,#1
2⤵
PID:1612

memory/1612-54-0x0000000000000000-mapping.dmp

Download
memory/1612-55-0x0000000075201000-0x0000000075203000-memory.dmp

Filesize
8KB

Download
memory/1612-56-0x0000000000200000-0x0000000000262000-memory.dmp

Filesize
392KB

Download
memory/1612-57-0x0000000000200000-0x0000000000262000-memory.dmp

Filesize
392KB

Download