fa37efbedd1c963489c6d8c1f18e60e86857d806c9e03c1393464ae8bc67be79

Analysis

max time kernel
28s
max time network
47s
platform
windows7_x64
resource
win7-20220812-en
resource tags

arch:x64arch:x86image:win7-20220812-enlocale:en-usos:windows7-x64system
submitted
02/10/2022, 14:35

Target

fa37efbedd1c963489c6d8c1f18e60e86857d806c9e03c1393464ae8bc67be79.dll
Size

238KB
MD5

7006e0bd412bdd1ed7d3e12383139f66
SHA1

7f1848d4df9e86b2b13d7ca0f5e9a7f65097ff7f
SHA256

fa37efbedd1c963489c6d8c1f18e60e86857d806c9e03c1393464ae8bc67be79
SHA512

b49605ad1a2277406048512e5a03320b54d799618fe041973b27891afd51799bc260bbead55e6e89e096c4f272d2b436d7569a77cdfcde2353ba2188dfebeb0b
SSDEEP

6144:c8yS9eqLRrlkDRufLYPPPPDfDPPPv+aPpPPZhPPPkEY+PPcPAPDl1M:cbF

Score

1^/10

Suspicious use of WriteProcessMemory 7 IoCs

description	pid	Process	procid_target
PID 1932 wrote to memory of 1104	1932	rundll32.exe	27
PID 1932 wrote to memory of 1104	1932	rundll32.exe	27
PID 1932 wrote to memory of 1104	1932	rundll32.exe	27
PID 1932 wrote to memory of 1104	1932	rundll32.exe	27
PID 1932 wrote to memory of 1104	1932	rundll32.exe	27
PID 1932 wrote to memory of 1104	1932	rundll32.exe	27
PID 1932 wrote to memory of 1104	1932	rundll32.exe	27

C:\Windows\system32\rundll32.exe
rundll32.exe C:\Users\Admin\AppData\Local\Temp\fa37efbedd1c963489c6d8c1f18e60e86857d806c9e03c1393464ae8bc67be79.dll,#1
1⤵
- Suspicious use of WriteProcessMemory
PID:1932
- C:\Windows\SysWOW64\rundll32.exe
  rundll32.exe C:\Users\Admin\AppData\Local\Temp\fa37efbedd1c963489c6d8c1f18e60e86857d806c9e03c1393464ae8bc67be79.dll,#1
  2⤵
  PID:1104

memory/1104-55-0x0000000075F51000-0x0000000075F53000-memory.dmp

Filesize
8KB

Download