2bf782157b40715ae3479729dec97fdd961c266bd5509915d1729029e343432d

Analysis

max time kernel
150s
max time network
33s
platform
windows7_x64
resource
win7-20230220-en
resource tags

arch:x64arch:x86image:win7-20230220-enlocale:en-usos:windows7-x64system
submitted
22-02-2023 20:32

Target

2bf782157b40715ae3479729dec97fdd961c266bd5509915d1729029e343432d.dll
Size

1.9MB
MD5

39081b4d48dbeb8edb010011d19b6459
SHA1

50d42366c737cf85b34c75e55164c5894d1daa75
SHA256

2bf782157b40715ae3479729dec97fdd961c266bd5509915d1729029e343432d
SHA512

2eb0d4bc40f74e4f15794d1a84374b2a825b48dfd303d464c512af4e5470bc02ced608163f56930a328d3ec1be78dbc2f88176a9011eccdc0a50f9579a6c823a
SSDEEP

49152:qQC2JlwU21A2UU3hSbFcJxigZb8OEibWdag2TH7DXjK1:XCOkbUUagxgdibsadH7Dzs

Score

1^/10

Suspicious use of WriteProcessMemory 7 IoCs

Processes:

rundll32.exe

description	pid	process	target process
PID 1204 wrote to memory of 1272	1204	rundll32.exe	rundll32.exe
PID 1204 wrote to memory of 1272	1204	rundll32.exe	rundll32.exe
PID 1204 wrote to memory of 1272	1204	rundll32.exe	rundll32.exe
PID 1204 wrote to memory of 1272	1204	rundll32.exe	rundll32.exe
PID 1204 wrote to memory of 1272	1204	rundll32.exe	rundll32.exe
PID 1204 wrote to memory of 1272	1204	rundll32.exe	rundll32.exe
PID 1204 wrote to memory of 1272	1204	rundll32.exe	rundll32.exe

C:\Windows\system32\rundll32.exe
rundll32.exe C:\Users\Admin\AppData\Local\Temp\2bf782157b40715ae3479729dec97fdd961c266bd5509915d1729029e343432d.dll,#1
1⤵
- Suspicious use of WriteProcessMemory
PID:1204

C:\Windows\SysWOW64\rundll32.exe
rundll32.exe C:\Users\Admin\AppData\Local\Temp\2bf782157b40715ae3479729dec97fdd961c266bd5509915d1729029e343432d.dll,#1
2⤵
PID:1272

memory/1272-54-0x0000000074520000-0x0000000074B44000-memory.dmp

Filesize
6.1MB

Download
memory/1272-55-0x0000000073EF0000-0x0000000074514000-memory.dmp

Filesize
6.1MB

Download
memory/1272-56-0x0000000074520000-0x0000000074B44000-memory.dmp

Filesize
6.1MB

Download
memory/1272-58-0x0000000000380000-0x0000000000381000-memory.dmp

Filesize
4KB

Download
memory/1272-59-0x00000000003C0000-0x00000000003C1000-memory.dmp

Filesize
4KB

Download
memory/1272-57-0x0000000000260000-0x00000000002AB000-memory.dmp

Filesize
300KB

Download
memory/1272-60-0x0000000000340000-0x0000000000341000-memory.dmp

Filesize
4KB

Download
memory/1272-62-0x0000000000360000-0x0000000000361000-memory.dmp

Filesize
4KB

Download
memory/1272-61-0x00000000003D0000-0x00000000003D1000-memory.dmp

Filesize
4KB

Download
memory/1272-63-0x00000000003A0000-0x00000000003A1000-memory.dmp

Filesize
4KB

Download
memory/1272-64-0x0000000000350000-0x0000000000351000-memory.dmp

Filesize
4KB

Download
memory/1272-65-0x00000000027B0000-0x00000000027B2000-memory.dmp

Filesize
8KB

Download
memory/1272-67-0x0000000074520000-0x0000000074B44000-memory.dmp

Filesize
6.1MB

Download