500a341913184039fdefeb694b5f27949c9903bfd63ccbb8b2a8e168c6494efc

Analysis

max time kernel
29s
max time network
33s
platform
windows7_x64
resource
win7-20230220-en
resource tags

arch:x64arch:x86image:win7-20230220-enlocale:en-usos:windows7-x64system
submitted
14-06-2023 19:31

Target

500a341913184039fdefeb694b5f27949c9903bfd63ccbb8b2a8e168c6494efc.dll
Size

1.7MB
MD5

a61aa5b02af7ceb08d25f5f2c8071f73
SHA1

29d541f44d25ac1d467447e57595d31490fe7691
SHA256

500a341913184039fdefeb694b5f27949c9903bfd63ccbb8b2a8e168c6494efc
SHA512

d394899c6cb1f28987712a33bad4b1c50efb4089a1233790018995ddbf531246b3c87fe26a9f80f148a9e831e0e19ab6820f54789dcc79a2f12d70c768a09418
SSDEEP

49152:M7yYiFKAtm5I/KKAXIf+h/C/MrxjvTH7Bc:MwFKAYF/ht7H7Bc

Score

1^/10

Suspicious use of WriteProcessMemory 7 IoCs

Processes:

rundll32.exe

description	pid	process	target process
PID 916 wrote to memory of 1512	916	rundll32.exe	rundll32.exe
PID 916 wrote to memory of 1512	916	rundll32.exe	rundll32.exe
PID 916 wrote to memory of 1512	916	rundll32.exe	rundll32.exe
PID 916 wrote to memory of 1512	916	rundll32.exe	rundll32.exe
PID 916 wrote to memory of 1512	916	rundll32.exe	rundll32.exe
PID 916 wrote to memory of 1512	916	rundll32.exe	rundll32.exe
PID 916 wrote to memory of 1512	916	rundll32.exe	rundll32.exe

C:\Windows\system32\rundll32.exe
rundll32.exe C:\Users\Admin\AppData\Local\Temp\500a341913184039fdefeb694b5f27949c9903bfd63ccbb8b2a8e168c6494efc.dll,#1
1⤵
- Suspicious use of WriteProcessMemory
PID:916

C:\Windows\SysWOW64\rundll32.exe
rundll32.exe C:\Users\Admin\AppData\Local\Temp\500a341913184039fdefeb694b5f27949c9903bfd63ccbb8b2a8e168c6494efc.dll,#1
2⤵
PID:1512

memory/1512-54-0x0000000074680000-0x00000000749D4000-memory.dmp

Filesize
3.3MB

Download
memory/1512-55-0x0000000074320000-0x0000000074674000-memory.dmp

Filesize
3.3MB

Download
memory/1512-56-0x0000000074320000-0x0000000074674000-memory.dmp

Filesize
3.3MB

Download
memory/1512-57-0x0000000074680000-0x0000000074687000-memory.dmp

Filesize
28KB

Download