49053f17a978ad0d704ba7aa14540542c88053175806686c2df02eeec00ecd59

Analysis

max time kernel
19s
max time network
31s
platform
windows7_x64
resource
win7-20230705-en
resource tags

arch:x64arch:x86image:win7-20230705-enlocale:en-usos:windows7-x64system
submitted
07-07-2023 03:30

Target

SoundPlayer.dll
Size

9KB
MD5

80ef4d6c67b0a39ebfb3adbf97796827
SHA1

8bf8ac28e695b6e541f5890e9361f21eff055464
SHA256

de17f024ed1a7c6771e97a74a999211d3ca55b40caaf70ba0cf0532cb9b410ad
SHA512

0bf2c8a9195176de94aeb8d263018d6ae27facb9004dc40ab21a54eb37d2dbc21154810171cfae088ffbe7faf959d5063cc002365cd4926ce19f7c0bcb3c9eb0
SSDEEP

96:OF2t4m5SPRnPhqyg6jjjkjpiyIN01+HwZ6b8K/1Dd04b/Ex9fMfOiS8sfQLapRvw:IeSRPhqygPiye04TELUO8VmfQH2g6Qz

Score

1^/10

Suspicious use of WriteProcessMemory 7 IoCs

description	pid	Process	procid_target
PID 1984 wrote to memory of 2052	1984	rundll32.exe	27
PID 1984 wrote to memory of 2052	1984	rundll32.exe	27
PID 1984 wrote to memory of 2052	1984	rundll32.exe	27
PID 1984 wrote to memory of 2052	1984	rundll32.exe	27
PID 1984 wrote to memory of 2052	1984	rundll32.exe	27
PID 1984 wrote to memory of 2052	1984	rundll32.exe	27
PID 1984 wrote to memory of 2052	1984	rundll32.exe	27

C:\Windows\system32\rundll32.exe
rundll32.exe C:\Users\Admin\AppData\Local\Temp\SoundPlayer.dll,#1
1⤵
- Suspicious use of WriteProcessMemory
PID:1984
- C:\Windows\SysWOW64\rundll32.exe
  rundll32.exe C:\Users\Admin\AppData\Local\Temp\SoundPlayer.dll,#1
  2⤵
  PID:2052

memory/2052-54-0x00000000002A0000-0x00000000002E0000-memory.dmp

Filesize
256KB

Download
memory/2052-55-0x0000000000200000-0x000000000020A000-memory.dmp

Filesize
40KB

Download