93817b15624c672bb84d09bec2b8c783206bdb160f06ec93cea2dc9d27e1857b

Analysis

max time kernel
45s
max time network
48s
platform
windows7_x64
resource
win7-20220812-en
resource tags

arch:x64arch:x86image:win7-20220812-enlocale:en-usos:windows7-x64system
submitted
16-02-2023 21:01

Target

93817b15624c672bb84d09bec2b8c783206bdb160f06ec93cea2dc9d27e1857b.dll
Size

498KB
MD5

09271165a3b1e31d7a5a8043b01793ea
SHA1

69a3a9b47f7658cff9cff449197f23c77e8fcd69
SHA256

93817b15624c672bb84d09bec2b8c783206bdb160f06ec93cea2dc9d27e1857b
SHA512

b50bfb4989508f59d8ecdfed60cccaa03b930ecdef731b89e93d72ac5f00d1df45d9f027d87ededcdffe6a0dd0447a0f8420368c5fc0332ce4d1eae2761e0fff
SSDEEP

6144:SI8DG5XyfKX7OXgneGKO7B6n2G/ZGRYjjGiW5Covw8uBPR3nXH3nI4oYI4oYI4ou:SPnyXxnfKuB+GRYjjGBU8s4YID+T7UM

Score

1^/10

Suspicious use of WriteProcessMemory 7 IoCs

Processes:

rundll32.exe

description	pid	process	target process
PID 988 wrote to memory of 368	988	rundll32.exe	rundll32.exe
PID 988 wrote to memory of 368	988	rundll32.exe	rundll32.exe
PID 988 wrote to memory of 368	988	rundll32.exe	rundll32.exe
PID 988 wrote to memory of 368	988	rundll32.exe	rundll32.exe
PID 988 wrote to memory of 368	988	rundll32.exe	rundll32.exe
PID 988 wrote to memory of 368	988	rundll32.exe	rundll32.exe
PID 988 wrote to memory of 368	988	rundll32.exe	rundll32.exe

C:\Windows\system32\rundll32.exe
rundll32.exe C:\Users\Admin\AppData\Local\Temp\93817b15624c672bb84d09bec2b8c783206bdb160f06ec93cea2dc9d27e1857b.dll,#1
1⤵
- Suspicious use of WriteProcessMemory
PID:988

C:\Windows\SysWOW64\rundll32.exe
rundll32.exe C:\Users\Admin\AppData\Local\Temp\93817b15624c672bb84d09bec2b8c783206bdb160f06ec93cea2dc9d27e1857b.dll,#1
2⤵
PID:368

memory/368-54-0x0000000000000000-mapping.dmp

Download
memory/368-55-0x0000000075021000-0x0000000075023000-memory.dmp

Filesize
8KB

Download
memory/368-56-0x0000000002140000-0x000000000243D000-memory.dmp

Filesize
3.0MB

Download