db20b30e943b146fc1468ad612c6c913846f2df88de35d4a6f493f0916932c1e

Analysis

max time kernel
30s
max time network
33s
platform
windows7_x64
resource
win7-20230621-en
resource tags

arch:x64arch:x86image:win7-20230621-enlocale:en-usos:windows7-x64system
submitted
23-06-2023 18:57

Target

db20b30e943b146fc1468ad612c6c913846f2df88de35d4a6f493f0916932c1e.dll
Size

441KB
MD5

74768db2a594f04f7f132379fe494906
SHA1

4c62f6418265794ecfe8917a5a4b9bf85f79f72e
SHA256

db20b30e943b146fc1468ad612c6c913846f2df88de35d4a6f493f0916932c1e
SHA512

d3de0950d619e6cc125872c5a6fe49558a0a789b77ac23a2164ba03936c71870e12e7e593489e4b85d7976d4da8065112472cd475f625a576a2989cfb78469ff
SSDEEP

6144:34hrOuVOTJy8CVFkVMZ3ytjSa/gHc6UykF+rAaBcwoNnRsHmiTvqhADW0zGqY7qQ:2N+JyhVRZ3yYzzeoc2PoNnmvqhcUJEB

Score

1^/10

Suspicious use of WriteProcessMemory 7 IoCs

Processes:

rundll32.exe

description	pid	process	target process
PID 1096 wrote to memory of 1116	1096	rundll32.exe	rundll32.exe
PID 1096 wrote to memory of 1116	1096	rundll32.exe	rundll32.exe
PID 1096 wrote to memory of 1116	1096	rundll32.exe	rundll32.exe
PID 1096 wrote to memory of 1116	1096	rundll32.exe	rundll32.exe
PID 1096 wrote to memory of 1116	1096	rundll32.exe	rundll32.exe
PID 1096 wrote to memory of 1116	1096	rundll32.exe	rundll32.exe
PID 1096 wrote to memory of 1116	1096	rundll32.exe	rundll32.exe

C:\Windows\system32\rundll32.exe
rundll32.exe C:\Users\Admin\AppData\Local\Temp\db20b30e943b146fc1468ad612c6c913846f2df88de35d4a6f493f0916932c1e.dll,#1
1⤵
- Suspicious use of WriteProcessMemory
PID:1096

C:\Windows\SysWOW64\rundll32.exe
rundll32.exe C:\Users\Admin\AppData\Local\Temp\db20b30e943b146fc1468ad612c6c913846f2df88de35d4a6f493f0916932c1e.dll,#1
2⤵
PID:1116

memory/1116-54-0x00000000002D0000-0x000000000040F000-memory.dmp

Filesize
1.2MB

Download
memory/1116-55-0x00000000002D0000-0x000000000040F000-memory.dmp

Filesize
1.2MB

Download