f89c54a410d1de9f9d05217831e651db77627a6d93e95dfeb6d0385fe951555a

Analysis

max time kernel
1618s
max time network
1620s
platform
windows7_x64
resource
win7-20230220-en
resource tags

arch:x64arch:x86image:win7-20230220-enlocale:en-usos:windows7-x64system
submitted
22/05/2023, 14:36

Target

splenativeDeterminative.SilviculturistGallantry.dll
Size

549KB
MD5

1862a5acea6e4a61b07862e74fb68e14
SHA1

313561041922d23d1149b22f72eecf0149b0f547
SHA256

f89c54a410d1de9f9d05217831e651db77627a6d93e95dfeb6d0385fe951555a
SHA512

90be40eb80c91cb7e63fa6bbf9a18b7cf4931165d60d0f9e42079165998674c04413db4cc1e1c569a33018038b871619c90f43ed125447b84d1c2239bd747db5
SSDEEP

12288:f67mo2xmrRgC9+JiEWpOp9VTOvqUDVKeQQGtTzqz:C7RrRJ9+b6MTTOvqUDbQQb

Score

1^/10

Suspicious use of WriteProcessMemory 17 IoCs

description	pid	Process	procid_target
PID 1376 wrote to memory of 620	1376	rundll32.exe	28
PID 1376 wrote to memory of 620	1376	rundll32.exe	28
PID 1376 wrote to memory of 620	1376	rundll32.exe	28
PID 1376 wrote to memory of 620	1376	rundll32.exe	28
PID 1376 wrote to memory of 620	1376	rundll32.exe	28
PID 1376 wrote to memory of 620	1376	rundll32.exe	28
PID 1376 wrote to memory of 620	1376	rundll32.exe	28
PID 520 wrote to memory of 604	520	cmd.exe	31
PID 520 wrote to memory of 604	520	cmd.exe	31
PID 520 wrote to memory of 604	520	cmd.exe	31
PID 604 wrote to memory of 1656	604	rundll32.exe	32
PID 604 wrote to memory of 1656	604	rundll32.exe	32
PID 604 wrote to memory of 1656	604	rundll32.exe	32
PID 604 wrote to memory of 1656	604	rundll32.exe	32
PID 604 wrote to memory of 1656	604	rundll32.exe	32
PID 604 wrote to memory of 1656	604	rundll32.exe	32
PID 604 wrote to memory of 1656	604	rundll32.exe	32

C:\Windows\system32\rundll32.exe
rundll32.exe C:\Users\Admin\AppData\Local\Temp\splenativeDeterminative.SilviculturistGallantry.dll,vips
1⤵
- Suspicious use of WriteProcessMemory
PID:1376
- C:\Windows\SysWOW64\rundll32.exe
  rundll32.exe C:\Users\Admin\AppData\Local\Temp\splenativeDeterminative.SilviculturistGallantry.dll,vips
  2⤵
  PID:620

C:\Windows\system32\cmd.exe
"C:\Windows\system32\cmd.exe"
1⤵
- Suspicious use of WriteProcessMemory
PID:520
- C:\Windows\system32\rundll32.exe
  rundll32.exe splenativeDeterminative.SilviculturistGallantry.dll,vips
  2⤵
  - Suspicious use of WriteProcessMemory
  PID:604
- - C:\Windows\SysWOW64\rundll32.exe
    rundll32.exe splenativeDeterminative.SilviculturistGallantry.dll,vips
    3⤵
    PID:1656

memory/620-54-0x0000000000110000-0x0000000000113000-memory.dmp

Filesize
12KB

Download
memory/620-55-0x0000000000830000-0x00000000008A5000-memory.dmp

Filesize
468KB

Download
memory/1656-61-0x00000000003D0000-0x0000000000445000-memory.dmp

Filesize
468KB

Download