49935fce10f803540c268c0b5013d42120e03b04ac454e939d4841e995a90821

Analysis

max time kernel
26s
max time network
28s
platform
windows7_x64
resource
win7-20230621-en
resource tags

arch:x64arch:x86image:win7-20230621-enlocale:en-usos:windows7-x64system
submitted
04/07/2023, 17:42

Target

49935fce10f803540c268c0b5.dll
Size

293KB
MD5

00cb030d867c2724a163620dc64ade24
SHA1

b04772ca1e23e5ef06c8d2c2c5313a8f10886d07
SHA256

49935fce10f803540c268c0b5013d42120e03b04ac454e939d4841e995a90821
SHA512

b2f2f02abde7fe4d63320d5bb4c141f111f137a92d5d5d940825acb34e2e86a9fd89713d5fd75af40254438432b1fb127326a48f11bc2217e8b0ff4ee83c8160
SSDEEP

6144:YxTNhvxJ6h2fFtOxpp6bTGgiENpHGSpqlTXC1AYklTBSwAOzpd2:4TNh58srOfpAPi0EfCQlTYw/w

Score

8^/10

Blocklisted process makes network request 3 IoCs

Suspicious behavior: EnumeratesProcesses 19 IoCs

Suspicious use of WriteProcessMemory 7 IoCs

description	pid	Process	procid_target
PID 1572 wrote to memory of 1660	1572	rundll32.exe	26
PID 1572 wrote to memory of 1660	1572	rundll32.exe	26
PID 1572 wrote to memory of 1660	1572	rundll32.exe	26
PID 1572 wrote to memory of 1660	1572	rundll32.exe	26
PID 1572 wrote to memory of 1660	1572	rundll32.exe	26
PID 1572 wrote to memory of 1660	1572	rundll32.exe	26
PID 1572 wrote to memory of 1660	1572	rundll32.exe	26

C:\Windows\system32\rundll32.exe
rundll32.exe C:\Users\Admin\AppData\Local\Temp\49935fce10f803540c268c0b5.dll,#1
1⤵
- Suspicious use of WriteProcessMemory
PID:1572
- C:\Windows\SysWOW64\rundll32.exe
  rundll32.exe C:\Users\Admin\AppData\Local\Temp\49935fce10f803540c268c0b5.dll,#1
  2⤵
  - Blocklisted process makes network request
  - Suspicious behavior: EnumeratesProcesses
  PID:1660

memory/1660-54-0x0000000010000000-0x000000001007D000-memory.dmp

Filesize
500KB

Download