745fabf982d3f38ada9397e96b047c433c1d17dde232278bb187e216c897e381

Analysis

max time kernel
140s
max time network
123s
platform
windows7_x64
resource
win7-20240215-en
resource tags

arch:x64arch:x86image:win7-20240215-enlocale:en-usos:windows7-x64system
submitted
23-05-2024 02:06

Target

745fabf982d3f38ada9397e96b047c433c1d17dde232278bb187e216c897e381.dll
Size

518KB
MD5

9cc48b182f433584e227125583c38b40
SHA1

af91de73450cadaf45e80db2b4a77ffc1b66cce6
SHA256

745fabf982d3f38ada9397e96b047c433c1d17dde232278bb187e216c897e381
SHA512

cd9de840e2511af6799d1209fe953f42098f29f21075405494175733f4e0bafd6d887f6d8ef7922266d55b1b6d07bd65bf7fffd58ed398a700077f70d2c00381
SSDEEP

12288:6JYUc2BAd8srHiExL93i4bxwtFWklXQfCAa:q1cGPsrHi2vE5XMC

Score

1^/10

Suspicious use of WriteProcessMemory 7 IoCs

Processes:

rundll32.exe

description	pid	process	target process
PID 1888 wrote to memory of 2868	1888	rundll32.exe	rundll32.exe
PID 1888 wrote to memory of 2868	1888	rundll32.exe	rundll32.exe
PID 1888 wrote to memory of 2868	1888	rundll32.exe	rundll32.exe
PID 1888 wrote to memory of 2868	1888	rundll32.exe	rundll32.exe
PID 1888 wrote to memory of 2868	1888	rundll32.exe	rundll32.exe
PID 1888 wrote to memory of 2868	1888	rundll32.exe	rundll32.exe
PID 1888 wrote to memory of 2868	1888	rundll32.exe	rundll32.exe

C:\Windows\system32\rundll32.exe
rundll32.exe C:\Users\Admin\AppData\Local\Temp\745fabf982d3f38ada9397e96b047c433c1d17dde232278bb187e216c897e381.dll,#1
1⤵
- Suspicious use of WriteProcessMemory
PID:1888

C:\Windows\SysWOW64\rundll32.exe
rundll32.exe C:\Users\Admin\AppData\Local\Temp\745fabf982d3f38ada9397e96b047c433c1d17dde232278bb187e216c897e381.dll,#1
2⤵
PID:2868

memory/2868-0-0x0000000000A90000-0x0000000000B18000-memory.dmp

Filesize
544KB

Download
memory/2868-1-0x0000000000180000-0x0000000000181000-memory.dmp

Filesize
4KB

Download
memory/2868-2-0x0000000000A90000-0x0000000000B18000-memory.dmp

Filesize
544KB

Download
memory/2868-4-0x0000000000180000-0x0000000000181000-memory.dmp

Filesize
4KB

Download