ff1f764d0915435b6d5818bad63b7f42a9429b7d6b13185be79ad76adfedc5c8

Analysis

max time kernel
43s
max time network
48s
platform
windows7_x64
resource
win7-20220901-en
resource tags

arch:x64arch:x86image:win7-20220901-enlocale:en-usos:windows7-x64system
submitted
02-10-2022 10:24

Target

ff1f764d0915435b6d5818bad63b7f42a9429b7d6b13185be79ad76adfedc5c8.dll
Size

16KB
MD5

713a741b07cb5e997a8d4099425d2e0e
SHA1

a3d0316374edbc558022f3fceaad0f501cd16068
SHA256

ff1f764d0915435b6d5818bad63b7f42a9429b7d6b13185be79ad76adfedc5c8
SHA512

71f6a77518d3c8235593bd9bc7dc5fb5f8d94f21fbe8a0c72a848a4c7ba0cbe06e0c24b1a6c782d07d83f07e58af7f5e26713920a1910e1ce5f1d269f33f4722
SSDEEP

384:pRrgue+Yg1THk1XTgG1G0gvZY5bMYRJFd8A:1Mg1zMXv1G0gqXD9

Score

1^/10

Suspicious use of WriteProcessMemory 7 IoCs

description	pid	Process	procid_target
PID 1708 wrote to memory of 1516	1708	rundll32.exe	27
PID 1708 wrote to memory of 1516	1708	rundll32.exe	27
PID 1708 wrote to memory of 1516	1708	rundll32.exe	27
PID 1708 wrote to memory of 1516	1708	rundll32.exe	27
PID 1708 wrote to memory of 1516	1708	rundll32.exe	27
PID 1708 wrote to memory of 1516	1708	rundll32.exe	27
PID 1708 wrote to memory of 1516	1708	rundll32.exe	27

C:\Windows\system32\rundll32.exe
rundll32.exe C:\Users\Admin\AppData\Local\Temp\ff1f764d0915435b6d5818bad63b7f42a9429b7d6b13185be79ad76adfedc5c8.dll,#1
1⤵
- Suspicious use of WriteProcessMemory
PID:1708
- C:\Windows\SysWOW64\rundll32.exe
  rundll32.exe C:\Users\Admin\AppData\Local\Temp\ff1f764d0915435b6d5818bad63b7f42a9429b7d6b13185be79ad76adfedc5c8.dll,#1
  2⤵
  PID:1516

memory/1516-54-0x0000000000000000-mapping.dmp

Download
memory/1516-55-0x0000000075111000-0x0000000075113000-memory.dmp

Filesize
8KB

Download