c971a3f26dedd661c970c0a3cc6d5a9d8978f1d4ae1013a28f9e9ef3d942a5ab

Analysis

max time kernel
47s
max time network
51s
platform
windows7_x64
resource
win7-20220901-en
resource tags

arch:x64arch:x86image:win7-20220901-enlocale:en-usos:windows7-x64system
submitted
02/10/2022, 15:48

Target

c971a3f26dedd661c970c0a3cc6d5a9d8978f1d4ae1013a28f9e9ef3d942a5ab.dll
Size

6KB
MD5

6670bafd628c09459960b1f7876d80ba
SHA1

11fd6016a4f75ae1e57e4befbeb1c5664972b3c1
SHA256

c971a3f26dedd661c970c0a3cc6d5a9d8978f1d4ae1013a28f9e9ef3d942a5ab
SHA512

6f18201451feb727bb259b58230193f2340fa50816f440aec62fc00d989f6ed1d8a4f32caa6f8d99b8a04a8216e8e8366c237d3b3d2a16a46331d09d7df38370
SSDEEP

48:Ss0QejYDx6/gB5B65/ic/2hmm3YGebeTKurfUsMbgUe5+++OAASiSSJWkAAABOAO:z0QR9B6BvAwbgUQAAxckAAA8AAAmAA

Score

1^/10

Suspicious use of WriteProcessMemory 7 IoCs

description	pid	Process	procid_target
PID 860 wrote to memory of 1252	860	rundll32.exe	27
PID 860 wrote to memory of 1252	860	rundll32.exe	27
PID 860 wrote to memory of 1252	860	rundll32.exe	27
PID 860 wrote to memory of 1252	860	rundll32.exe	27
PID 860 wrote to memory of 1252	860	rundll32.exe	27
PID 860 wrote to memory of 1252	860	rundll32.exe	27
PID 860 wrote to memory of 1252	860	rundll32.exe	27

C:\Windows\system32\rundll32.exe
rundll32.exe C:\Users\Admin\AppData\Local\Temp\c971a3f26dedd661c970c0a3cc6d5a9d8978f1d4ae1013a28f9e9ef3d942a5ab.dll,#1
1⤵
- Suspicious use of WriteProcessMemory
PID:860
- C:\Windows\SysWOW64\rundll32.exe
  rundll32.exe C:\Users\Admin\AppData\Local\Temp\c971a3f26dedd661c970c0a3cc6d5a9d8978f1d4ae1013a28f9e9ef3d942a5ab.dll,#1
  2⤵
  PID:1252

memory/1252-55-0x0000000074DE1000-0x0000000074DE3000-memory.dmp

Filesize
8KB

Download