40e9133f3ac44b7b7f4db78509e9562d3006d94fdd715b5850c6700427c5d6f1

Analysis

max time kernel
27s
max time network
30s
platform
windows7_x64
resource
win7-20230621-en
resource tags

arch:x64arch:x86image:win7-20230621-enlocale:en-usos:windows7-x64system
submitted
23-06-2023 19:44

Target

40e9133f3ac44b7b7f4db78509e9562d3006d94fdd715b5850c6700427c5d6f1.dll
Size

831KB
MD5

5c250ac57eb603ed3d8ce0722ea8ea19
SHA1

e99b6204cb83a03a35479be5302460fd792536b1
SHA256

40e9133f3ac44b7b7f4db78509e9562d3006d94fdd715b5850c6700427c5d6f1
SHA512

974c4bc6a443732fc19598224a8f9d511b2a28c021de37e21a46a47db88d2b47038869efd469e1ade8c189db67eb25eb2dc82d8c33869cb72c227d62255fd3cf
SSDEEP

24576:p806ETdUAyo1hNxJQzrfG1OwZ3efyqqeRUQuLc:p8zMUAxhiHG1TufcQ

Score

1^/10

Suspicious use of WriteProcessMemory 7 IoCs

Processes:

rundll32.exe

description	pid	process	target process
PID 1288 wrote to memory of 2044	1288	rundll32.exe	rundll32.exe
PID 1288 wrote to memory of 2044	1288	rundll32.exe	rundll32.exe
PID 1288 wrote to memory of 2044	1288	rundll32.exe	rundll32.exe
PID 1288 wrote to memory of 2044	1288	rundll32.exe	rundll32.exe
PID 1288 wrote to memory of 2044	1288	rundll32.exe	rundll32.exe
PID 1288 wrote to memory of 2044	1288	rundll32.exe	rundll32.exe
PID 1288 wrote to memory of 2044	1288	rundll32.exe	rundll32.exe

C:\Windows\system32\rundll32.exe
rundll32.exe C:\Users\Admin\AppData\Local\Temp\40e9133f3ac44b7b7f4db78509e9562d3006d94fdd715b5850c6700427c5d6f1.dll,#1
1⤵
- Suspicious use of WriteProcessMemory
PID:1288

C:\Windows\SysWOW64\rundll32.exe
rundll32.exe C:\Users\Admin\AppData\Local\Temp\40e9133f3ac44b7b7f4db78509e9562d3006d94fdd715b5850c6700427c5d6f1.dll,#1
2⤵
PID:2044

memory/2044-54-0x0000000001DE0000-0x0000000002297000-memory.dmp

Filesize
4.7MB

Download
memory/2044-55-0x0000000001DE0000-0x0000000002297000-memory.dmp

Filesize
4.7MB

Download
memory/2044-56-0x0000000001DE0000-0x0000000002297000-memory.dmp

Filesize
4.7MB

Download
memory/2044-57-0x0000000001DE0000-0x0000000002297000-memory.dmp

Filesize
4.7MB

Download