46370e315afac3c23e1435c332bf8ab13ca4555c8d3ffb2cd73007559e1827e8

Analysis

max time kernel
20s
max time network
46s
platform
windows7_x64
resource
win7-20220812-en
resource tags

arch:x64arch:x86image:win7-20220812-enlocale:en-usos:windows7-x64system
submitted
12-02-2023 20:09

Target

46370e315afac3c23e1435c332bf8ab13ca4555c8d3ffb2cd73007559e1827e8.dll
Size

1.3MB
MD5

e408643b442fb6c7c10c5304a9a38028
SHA1

e2d87ae4286037d332a3d83fc41a4f8e265c0551
SHA256

46370e315afac3c23e1435c332bf8ab13ca4555c8d3ffb2cd73007559e1827e8
SHA512

8206994c0a5bdb81217af762fe0ad662a2e6d39aaf70f338a03a04cbcc55069646ea173b74d071eb56cd97961d8a53ff352c55bd0f6587319d8579d9611202db
SSDEEP

24576:hXkAqDNncmxzMjo2hgk/T+SKemGlP6XB4NHloWVjBK0qEyBzfKtWzuZjJ:hTqa63Wgk/TGefSCNKWt+EYimWt

Score

1^/10

Suspicious use of WriteProcessMemory 7 IoCs

Processes:

rundll32.exe

description	pid	process	target process
PID 956 wrote to memory of 1520	956	rundll32.exe	rundll32.exe
PID 956 wrote to memory of 1520	956	rundll32.exe	rundll32.exe
PID 956 wrote to memory of 1520	956	rundll32.exe	rundll32.exe
PID 956 wrote to memory of 1520	956	rundll32.exe	rundll32.exe
PID 956 wrote to memory of 1520	956	rundll32.exe	rundll32.exe
PID 956 wrote to memory of 1520	956	rundll32.exe	rundll32.exe
PID 956 wrote to memory of 1520	956	rundll32.exe	rundll32.exe

C:\Windows\system32\rundll32.exe
rundll32.exe C:\Users\Admin\AppData\Local\Temp\46370e315afac3c23e1435c332bf8ab13ca4555c8d3ffb2cd73007559e1827e8.dll,#1
1⤵
- Suspicious use of WriteProcessMemory
PID:956

C:\Windows\SysWOW64\rundll32.exe
rundll32.exe C:\Users\Admin\AppData\Local\Temp\46370e315afac3c23e1435c332bf8ab13ca4555c8d3ffb2cd73007559e1827e8.dll,#1
2⤵
PID:1520

memory/1520-54-0x0000000000000000-mapping.dmp

Download
memory/1520-55-0x0000000075E11000-0x0000000075E13000-memory.dmp

Filesize
8KB

Download
memory/1520-56-0x0000000001FB0000-0x0000000002369000-memory.dmp

Filesize
3.7MB

Download