06603297e1278da1e1b03771d6c5e352acbf9b514a7c94561f893ff89c901f97

Analysis

max time kernel
40s
max time network
43s
platform
windows7_x64
resource
win7-20220812-en
resource tags

arch:x64arch:x86image:win7-20220812-enlocale:en-usos:windows7-x64system
submitted
14-02-2023 21:26

Target

06603297e1278da1e1b03771d6c5e352acbf9b514a7c94561f893ff89c901f97.dll
Size

693KB
MD5

428a0c855cc1c1a37ca105bc4ffbc745
SHA1

9b231fb573ea9cd5c219cbc48f7e8ca07e38daf0
SHA256

06603297e1278da1e1b03771d6c5e352acbf9b514a7c94561f893ff89c901f97
SHA512

56188adc8a0647989df48c357d4fb9dc6056361d4c2d5755cc76d80c97683a0598afeff192528f8ad2f6a16696153e2e4680d2c5d05e6307bb320b3ca4d3e517
SSDEEP

12288:ZqNyulBgOrv0WUwDqjUi+/0N6XVy2BkBM6LfdFSI5jpsrcjxIRuTswtQSRESdgVH:ZqNdnrv0UmdgF4uAdFr1OrcvYEbYocEu

Score

1^/10

Suspicious use of WriteProcessMemory 7 IoCs

Processes:

rundll32.exe

description	pid	process	target process
PID 1096 wrote to memory of 1476	1096	rundll32.exe	rundll32.exe
PID 1096 wrote to memory of 1476	1096	rundll32.exe	rundll32.exe
PID 1096 wrote to memory of 1476	1096	rundll32.exe	rundll32.exe
PID 1096 wrote to memory of 1476	1096	rundll32.exe	rundll32.exe
PID 1096 wrote to memory of 1476	1096	rundll32.exe	rundll32.exe
PID 1096 wrote to memory of 1476	1096	rundll32.exe	rundll32.exe
PID 1096 wrote to memory of 1476	1096	rundll32.exe	rundll32.exe

C:\Windows\system32\rundll32.exe
rundll32.exe C:\Users\Admin\AppData\Local\Temp\06603297e1278da1e1b03771d6c5e352acbf9b514a7c94561f893ff89c901f97.dll,#1
1⤵
- Suspicious use of WriteProcessMemory
PID:1096

C:\Windows\SysWOW64\rundll32.exe
rundll32.exe C:\Users\Admin\AppData\Local\Temp\06603297e1278da1e1b03771d6c5e352acbf9b514a7c94561f893ff89c901f97.dll,#1
2⤵
PID:1476

memory/1476-54-0x0000000000000000-mapping.dmp

Download
memory/1476-55-0x00000000768A1000-0x00000000768A3000-memory.dmp

Filesize
8KB

Download
memory/1476-56-0x0000000001F00000-0x0000000002254000-memory.dmp

Filesize
3.3MB

Download