0096cffb07d9491c39c7cb822985a44acf4299a2112bb9100bd05c976368dfd6

Analysis

max time kernel
42s
max time network
46s
platform
windows7_x64
resource
win7-20220812-en
resource tags

arch:x64arch:x86image:win7-20220812-enlocale:en-usos:windows7-x64system
submitted
18/09/2022, 23:16

Target

0096cffb07d9491c39c7cb822985a44acf4299a2112bb9100bd05c976368dfd6.dll
Size

32KB
MD5

64639b8aab1582e392d7406bed401b9a
SHA1

5c70e685822cabb86745f803a0d1532798725bc8
SHA256

0096cffb07d9491c39c7cb822985a44acf4299a2112bb9100bd05c976368dfd6
SHA512

af48ca7fb867114676fe90bea8a5f570a161158fb6e7c454146384ad50ec25c6bd6fef6680d19f9a02ae30b370d8b58fb9e57a52ae53d5ecdba482246c635dba
SSDEEP

384:2FqL0mh9NfNryPHkx0bzSYAk8kVfO5Y4ZXXqGa/77y4gk+vjt4mt6dyRH+eAvvCL:sqLJLLEIkVf5/75L+vjGm4dA5ACRIk5

Score

1^/10

Suspicious use of WriteProcessMemory 7 IoCs

description	pid	Process	procid_target
PID 1672 wrote to memory of 2016	1672	rundll32.exe	27
PID 1672 wrote to memory of 2016	1672	rundll32.exe	27
PID 1672 wrote to memory of 2016	1672	rundll32.exe	27
PID 1672 wrote to memory of 2016	1672	rundll32.exe	27
PID 1672 wrote to memory of 2016	1672	rundll32.exe	27
PID 1672 wrote to memory of 2016	1672	rundll32.exe	27
PID 1672 wrote to memory of 2016	1672	rundll32.exe	27

C:\Windows\system32\rundll32.exe
rundll32.exe C:\Users\Admin\AppData\Local\Temp\0096cffb07d9491c39c7cb822985a44acf4299a2112bb9100bd05c976368dfd6.dll,#1
1⤵
- Suspicious use of WriteProcessMemory
PID:1672
- C:\Windows\SysWOW64\rundll32.exe
  rundll32.exe C:\Users\Admin\AppData\Local\Temp\0096cffb07d9491c39c7cb822985a44acf4299a2112bb9100bd05c976368dfd6.dll,#1
  2⤵
  PID:2016

memory/2016-55-0x0000000075201000-0x0000000075203000-memory.dmp

Filesize
8KB

Download