665c516b4991a17c8855be0212475a596d9e3c950647de295609f67006a12f79

Analysis

max time kernel
43s
max time network
46s
platform
windows7_x64
resource
win7-20220812-en
resource tags

arch:x64arch:x86image:win7-20220812-enlocale:en-usos:windows7-x64system
submitted
16-02-2023 08:43

Target

665c516b4991a17c8855be0212475a596d9e3c950647de295609f67006a12f79.dll
Size

489KB
MD5

c1307588b8fcaf88a9dcc8ec5a8f4914
SHA1

e8a43d2345ee16b5b1700e73df456976c87a1e01
SHA256

665c516b4991a17c8855be0212475a596d9e3c950647de295609f67006a12f79
SHA512

90c2804a3c4ef0921a671edbc77e997e9fdf0cdb7f45bb9ca832b3cbba7b9550f3bf3f43a11d85ac419e80960f1985899021ccf35114c7b872725c8fd06e7598
SSDEEP

6144:kezmaNM0PDys8/pjXRWcouFI1RjCwQegVHMY9JXylTh4nZjxlu06bBsqgn+aCONQ:kezYpjBWlTCjVtBRu/DwWKqC1bBcVh

Score

1^/10

Suspicious use of WriteProcessMemory 7 IoCs

Processes:

rundll32.exe

description	pid	process	target process
PID 1968 wrote to memory of 892	1968	rundll32.exe	rundll32.exe
PID 1968 wrote to memory of 892	1968	rundll32.exe	rundll32.exe
PID 1968 wrote to memory of 892	1968	rundll32.exe	rundll32.exe
PID 1968 wrote to memory of 892	1968	rundll32.exe	rundll32.exe
PID 1968 wrote to memory of 892	1968	rundll32.exe	rundll32.exe
PID 1968 wrote to memory of 892	1968	rundll32.exe	rundll32.exe
PID 1968 wrote to memory of 892	1968	rundll32.exe	rundll32.exe

C:\Windows\system32\rundll32.exe
rundll32.exe C:\Users\Admin\AppData\Local\Temp\665c516b4991a17c8855be0212475a596d9e3c950647de295609f67006a12f79.dll,#1
1⤵
- Suspicious use of WriteProcessMemory
PID:1968

C:\Windows\SysWOW64\rundll32.exe
rundll32.exe C:\Users\Admin\AppData\Local\Temp\665c516b4991a17c8855be0212475a596d9e3c950647de295609f67006a12f79.dll,#1
2⤵
PID:892

memory/892-54-0x0000000000000000-mapping.dmp

Download
memory/892-55-0x0000000075141000-0x0000000075143000-memory.dmp

Filesize
8KB

Download
memory/892-56-0x0000000060800000-0x000000006090B000-memory.dmp

Filesize
1.0MB

Download