0704385a48d833beabde635b5f945561670cb220c13c10a7f3dd963442fc4107

Analysis

max time kernel
141s
max time network
34s
platform
windows7_x64
resource
win7-20230621-en
resource tags

arch:x64arch:x86image:win7-20230621-enlocale:en-usos:windows7-x64system
submitted
25-06-2023 19:49

Target

0704385a48d833beabde635b5f945561670cb220c13c10a7f3dd963442fc4107.dll
Size

1.8MB
MD5

6f3aff08035d58e462f291644b9b2f78
SHA1

3d3f8907a95b49c967d1cdc8f048b21812c3a08f
SHA256

0704385a48d833beabde635b5f945561670cb220c13c10a7f3dd963442fc4107
SHA512

f422a9a9deb6db932e150cc82cea3c66ea56e759d31229413951cd1fc8d2bdb784a6d74c65b18529e15297dd1207fb5c99360e322f4d9e2b41dad339ddb45f31
SSDEEP

49152:56Zb5PMbnqbFcJxigZbCkJgMaqjYkAble5gLJTH7oi:56V5PMbnAgx2VAAblWOhH7oi

Score

1^/10

Suspicious use of WriteProcessMemory 7 IoCs

Processes:

rundll32.exe

description	pid	process	target process
PID 864 wrote to memory of 1748	864	rundll32.exe	rundll32.exe
PID 864 wrote to memory of 1748	864	rundll32.exe	rundll32.exe
PID 864 wrote to memory of 1748	864	rundll32.exe	rundll32.exe
PID 864 wrote to memory of 1748	864	rundll32.exe	rundll32.exe
PID 864 wrote to memory of 1748	864	rundll32.exe	rundll32.exe
PID 864 wrote to memory of 1748	864	rundll32.exe	rundll32.exe
PID 864 wrote to memory of 1748	864	rundll32.exe	rundll32.exe

C:\Windows\system32\rundll32.exe
rundll32.exe C:\Users\Admin\AppData\Local\Temp\0704385a48d833beabde635b5f945561670cb220c13c10a7f3dd963442fc4107.dll,#1
1⤵
- Suspicious use of WriteProcessMemory
PID:864

C:\Windows\SysWOW64\rundll32.exe
rundll32.exe C:\Users\Admin\AppData\Local\Temp\0704385a48d833beabde635b5f945561670cb220c13c10a7f3dd963442fc4107.dll,#1
2⤵
PID:1748

memory/1748-54-0x0000000074C10000-0x0000000074F9D000-memory.dmp

Filesize
3.6MB

Download
memory/1748-55-0x0000000074880000-0x0000000074C0D000-memory.dmp

Filesize
3.6MB

Download
memory/1748-56-0x0000000074C10000-0x0000000074F9D000-memory.dmp

Filesize
3.6MB

Download
memory/1748-57-0x00000000009E0000-0x0000000000A2B000-memory.dmp

Filesize
300KB

Download
memory/1748-58-0x0000000000A30000-0x0000000000A31000-memory.dmp

Filesize
4KB

Download
memory/1748-59-0x0000000000A60000-0x0000000000A61000-memory.dmp

Filesize
4KB

Download
memory/1748-60-0x0000000000890000-0x0000000000891000-memory.dmp

Filesize
4KB

Download
memory/1748-62-0x00000000008B0000-0x00000000008B1000-memory.dmp

Filesize
4KB

Download
memory/1748-61-0x0000000000A70000-0x0000000000A71000-memory.dmp

Filesize
4KB

Download
memory/1748-64-0x00000000008A0000-0x00000000008A1000-memory.dmp

Filesize
4KB

Download
memory/1748-63-0x0000000000A40000-0x0000000000A41000-memory.dmp

Filesize
4KB

Download
memory/1748-65-0x00000000027B0000-0x00000000027B2000-memory.dmp

Filesize
8KB

Download