14ca95dd6d6749f68ddcdaa013dcb96bdc23c55fea9caadd8698e7d1935f7caa

Analysis

max time kernel
29s
max time network
31s
platform
windows7_x64
resource
win7-20230220-en
resource tags

arch:x64arch:x86image:win7-20230220-enlocale:en-usos:windows7-x64system
submitted
05/05/2023, 19:52

Target

14ca95dd6d6749f68ddcdaa013dcb96bdc23c55fea9caadd8698e7d1935f7caa.dll
Size

160KB
MD5

7ddac8d26728cd8dc58cc7ba090b5149
SHA1

94e277f1b7d7ec0c723eed4d63796321f435a5de
SHA256

14ca95dd6d6749f68ddcdaa013dcb96bdc23c55fea9caadd8698e7d1935f7caa
SHA512

9972227e2c41363f8d27fb3ba092071ed77ad1d2ecd8fd681f4215a20b170ec467bff1bd1a6ff5ab0db3029a6c4de441d677a92c794e124ef82c9a5808997f0d
SSDEEP

3072:qBiM7XdeodCuXMRFaPj+2RqDazmmRB6JepLGc:3mXRdO7N2w2zL+JeNd

Score

1^/10

Suspicious use of WriteProcessMemory 7 IoCs

description	pid	Process	procid_target
PID 924 wrote to memory of 940	924	rundll32.exe	28
PID 924 wrote to memory of 940	924	rundll32.exe	28
PID 924 wrote to memory of 940	924	rundll32.exe	28
PID 924 wrote to memory of 940	924	rundll32.exe	28
PID 924 wrote to memory of 940	924	rundll32.exe	28
PID 924 wrote to memory of 940	924	rundll32.exe	28
PID 924 wrote to memory of 940	924	rundll32.exe	28

C:\Windows\system32\rundll32.exe
rundll32.exe C:\Users\Admin\AppData\Local\Temp\14ca95dd6d6749f68ddcdaa013dcb96bdc23c55fea9caadd8698e7d1935f7caa.dll,#1
1⤵
- Suspicious use of WriteProcessMemory
PID:924
- C:\Windows\SysWOW64\rundll32.exe
  rundll32.exe C:\Users\Admin\AppData\Local\Temp\14ca95dd6d6749f68ddcdaa013dcb96bdc23c55fea9caadd8698e7d1935f7caa.dll,#1
  2⤵
  PID:940

memory/940-54-0x0000000000170000-0x00000000001A6000-memory.dmp

Filesize
216KB

Download
memory/940-55-0x0000000000170000-0x00000000001A6000-memory.dmp

Filesize
216KB

Download
memory/940-56-0x0000000000170000-0x0000000000176000-memory.dmp

Filesize
24KB

Download