12a97140043e32e3a4f15bb9a17e16692d06c33cd56bb6d497ac6be2c5c02093

Analysis

max time kernel
35s
max time network
46s
platform
windows7_x64
resource
win7-20220812-en
resource tags

arch:x64arch:x86image:win7-20220812-enlocale:en-usos:windows7-x64system
submitted
15-02-2023 21:27

Target

dll/DLL_MouseDeviceManager.dll
Size

86KB
MD5

d9e11a2ab50b4ff6ad95eee5fed3eb48
SHA1

30e177daebe525f8e5d9da07c890a6e32fe5840f
SHA256

a48d804c0732591b4c891ac2a7b32d0d627602b950fec30143a5dafd5aee103b
SHA512

93a5977b6fb1ce8b59ccaa9307ea7271b98168b8269a2b21d41a6de2d7826934c1f2aa83a72940d4feca7e2277419d4916a5d3a248e7134d915f756d8926d140
SSDEEP

768:rpdSwYh8NE7UOBBV5pTWfIitVFSPl3naQhHNe6c/6+twjEniABlXS7Vr9EDbDznF:O5pFvoIib6H46cRnfBir0DzeVC/P0

Score

1^/10

Suspicious use of WriteProcessMemory 7 IoCs

Processes:

rundll32.exe

description	pid	process	target process
PID 1944 wrote to memory of 1952	1944	rundll32.exe	rundll32.exe
PID 1944 wrote to memory of 1952	1944	rundll32.exe	rundll32.exe
PID 1944 wrote to memory of 1952	1944	rundll32.exe	rundll32.exe
PID 1944 wrote to memory of 1952	1944	rundll32.exe	rundll32.exe
PID 1944 wrote to memory of 1952	1944	rundll32.exe	rundll32.exe
PID 1944 wrote to memory of 1952	1944	rundll32.exe	rundll32.exe
PID 1944 wrote to memory of 1952	1944	rundll32.exe	rundll32.exe

C:\Windows\system32\rundll32.exe
rundll32.exe C:\Users\Admin\AppData\Local\Temp\dll\DLL_MouseDeviceManager.dll,#1
1⤵
- Suspicious use of WriteProcessMemory
PID:1944

C:\Windows\SysWOW64\rundll32.exe
rundll32.exe C:\Users\Admin\AppData\Local\Temp\dll\DLL_MouseDeviceManager.dll,#1
2⤵
PID:1952

memory/1952-54-0x0000000000000000-mapping.dmp

Download
memory/1952-55-0x00000000753C1000-0x00000000753C3000-memory.dmp

Filesize
8KB

Download