78a28b25b330513649439305a5d9293cb07fb796ad6521ef31f39a5453a549d8

Resubmissions

07-09-2023 14:45

07-09-2023 14:12

max time kernel
122s
max time network
128s
platform
windows7_x64
resource
win7-20230831-en
resource tags

arch:x64arch:x86image:win7-20230831-enlocale:en-usos:windows7-x64system
submitted
07-09-2023 14:12

Target

17ffd90d20cbd49c4e0d65a484eeae65a107d5bad9582afc51c4ead8bbc147e1.dll
Size

160KB
MD5

b49aedab270215f327ab95ea98cb7e33
SHA1

10b4aafcdeaba91e0140b581fd397e5db94c106d
SHA256

17ffd90d20cbd49c4e0d65a484eeae65a107d5bad9582afc51c4ead8bbc147e1
SHA512

eebc06bc7c6f79be5c1fe0020e17b808e17c259fe99ac4d8455849c6ae383258ed637fa067ae5e203152d271494f1b2ff735973f4d2e09797ec787426418327a
SSDEEP

1536:Gls0QszjGz02ZPO9nEpXiMpi28p7Pbi4eTMluxtXDCntTnICS4Ay4bbaTIL5CMdS:8RwOWpXiIgLbi4eTMlwDCnuo47pd+

Score

1^/10

Suspicious use of WriteProcessMemory 7 IoCs

description	pid	Process	procid_target
PID 2168 wrote to memory of 1964	2168	rundll32.exe	28
PID 2168 wrote to memory of 1964	2168	rundll32.exe	28
PID 2168 wrote to memory of 1964	2168	rundll32.exe	28
PID 2168 wrote to memory of 1964	2168	rundll32.exe	28
PID 2168 wrote to memory of 1964	2168	rundll32.exe	28
PID 2168 wrote to memory of 1964	2168	rundll32.exe	28
PID 2168 wrote to memory of 1964	2168	rundll32.exe	28

C:\Windows\system32\rundll32.exe
rundll32.exe C:\Users\Admin\AppData\Local\Temp\17ffd90d20cbd49c4e0d65a484eeae65a107d5bad9582afc51c4ead8bbc147e1.dll,#1
1⤵
- Suspicious use of WriteProcessMemory
PID:2168
- C:\Windows\SysWOW64\rundll32.exe
  rundll32.exe C:\Users\Admin\AppData\Local\Temp\17ffd90d20cbd49c4e0d65a484eeae65a107d5bad9582afc51c4ead8bbc147e1.dll,#1
  2⤵
  PID:1964

memory/1964-0-0x00000000000B0000-0x00000000000BA000-memory.dmp

Filesize
40KB

Download
memory/1964-1-0x00000000000B0000-0x00000000000BA000-memory.dmp

Filesize
40KB

Download
memory/1964-2-0x00000000000C0000-0x00000000000C1000-memory.dmp

Filesize
4KB

Download
memory/1964-4-0x0000000000190000-0x0000000000191000-memory.dmp

Filesize
4KB

Download
memory/1964-5-0x0000000002FD0000-0x000000000306F000-memory.dmp

Filesize
636KB

Download
memory/1964-7-0x0000000003070000-0x000000000319D000-memory.dmp

Filesize
1.2MB

Download
memory/1964-6-0x00000000001B0000-0x00000000001B1000-memory.dmp

Filesize
4KB

Download
memory/1964-3-0x0000000001F00000-0x0000000001FC9000-memory.dmp

Filesize
804KB

Download
memory/1964-8-0x0000000000360000-0x000000000037F000-memory.dmp

Filesize
124KB

Download
memory/1964-10-0x0000000003430000-0x0000000003539000-memory.dmp

Filesize
1.0MB

Download
memory/1964-9-0x00000000001C0000-0x00000000001C6000-memory.dmp

Filesize
24KB

Download
memory/1964-12-0x00000000001C0000-0x00000000001C6000-memory.dmp

Filesize
24KB

Download
memory/1964-11-0x00000000001C0000-0x00000000001C6000-memory.dmp

Filesize
24KB

Download