9d387254099491bea8e281a9f1247bdab6f25919d6d1724185311f580732ae16

Analysis

max time kernel
44s
max time network
50s
platform
windows7_x64
resource
win7-20220901-en
resource tags

arch:x64arch:x86image:win7-20220901-enlocale:en-usos:windows7-x64system
submitted
02/10/2022, 07:25

Target

9d387254099491bea8e281a9f1247bdab6f25919d6d1724185311f580732ae16.dll
Size

6KB
MD5

06dca75b944376afc49c5497b33e81a1
SHA1

3b02d552b4dacfe3c8a6e8de3e6cdd212ee4b15a
SHA256

9d387254099491bea8e281a9f1247bdab6f25919d6d1724185311f580732ae16
SHA512

0ea1aa7d4ffcba032fcc0662622e8511c3130240b9c9bef5f0756345cfbd3055577fc12054087e959005da1bda259c69ecd2a6ba7214694eb27160efd52996d4
SSDEEP

48:aGy7MN4cpSGAXbIni1kvNs6ztutiKIZWiwQTnU5WwG2QozbC6:xB4c4G6bn1k1sw0EW3enIWwGqb

Score

1^/10

Suspicious use of WriteProcessMemory 7 IoCs

description	pid	Process	procid_target
PID 1292 wrote to memory of 1160	1292	rundll32.exe	27
PID 1292 wrote to memory of 1160	1292	rundll32.exe	27
PID 1292 wrote to memory of 1160	1292	rundll32.exe	27
PID 1292 wrote to memory of 1160	1292	rundll32.exe	27
PID 1292 wrote to memory of 1160	1292	rundll32.exe	27
PID 1292 wrote to memory of 1160	1292	rundll32.exe	27
PID 1292 wrote to memory of 1160	1292	rundll32.exe	27

C:\Windows\system32\rundll32.exe
rundll32.exe C:\Users\Admin\AppData\Local\Temp\9d387254099491bea8e281a9f1247bdab6f25919d6d1724185311f580732ae16.dll,#1
1⤵
- Suspicious use of WriteProcessMemory
PID:1292
- C:\Windows\SysWOW64\rundll32.exe
  rundll32.exe C:\Users\Admin\AppData\Local\Temp\9d387254099491bea8e281a9f1247bdab6f25919d6d1724185311f580732ae16.dll,#1
  2⤵
  PID:1160

memory/1160-55-0x00000000762E1000-0x00000000762E3000-memory.dmp

Filesize
8KB

Download