88d1a3d60ef554098b3c8fc8aeccb9042bd4ce838b4d7a8f932e778c3a76ee42

Analysis

max time kernel
22s
max time network
48s
platform
windows7_x64
resource
win7-20220812-en
resource tags

arch:x64arch:x86image:win7-20220812-enlocale:en-usos:windows7-x64system
submitted
03-10-2022 03:36

Target

88d1a3d60ef554098b3c8fc8aeccb9042bd4ce838b4d7a8f932e778c3a76ee42.dll
Size

6KB
MD5

680f0ce53d72fdfd1760f028900641d0
SHA1

a47b66f0046af17344eae4754554d3e9c0c84aa7
SHA256

88d1a3d60ef554098b3c8fc8aeccb9042bd4ce838b4d7a8f932e778c3a76ee42
SHA512

9a5e50c4dd47e9bdef80b8262f1c784a5e6d2274962d02a4ce179fdc317722b6ddf4f927dc3bdcd7aa6674d2610a74a143515b55683ff8f671e510609236a249
SSDEEP

96:nI2RrUeqgwgi3MWnz7sTlhbADruG3lpFUiEppF6vA8N:XR4eXO9XQhb413lpFUikFuf

Score

1^/10

Suspicious use of WriteProcessMemory 7 IoCs

description	pid	Process	procid_target
PID 1728 wrote to memory of 968	1728	rundll32.exe	28
PID 1728 wrote to memory of 968	1728	rundll32.exe	28
PID 1728 wrote to memory of 968	1728	rundll32.exe	28
PID 1728 wrote to memory of 968	1728	rundll32.exe	28
PID 1728 wrote to memory of 968	1728	rundll32.exe	28
PID 1728 wrote to memory of 968	1728	rundll32.exe	28
PID 1728 wrote to memory of 968	1728	rundll32.exe	28

C:\Windows\system32\rundll32.exe
rundll32.exe C:\Users\Admin\AppData\Local\Temp\88d1a3d60ef554098b3c8fc8aeccb9042bd4ce838b4d7a8f932e778c3a76ee42.dll,#1
1⤵
- Suspicious use of WriteProcessMemory
PID:1728
- C:\Windows\SysWOW64\rundll32.exe
  rundll32.exe C:\Users\Admin\AppData\Local\Temp\88d1a3d60ef554098b3c8fc8aeccb9042bd4ce838b4d7a8f932e778c3a76ee42.dll,#1
  2⤵
  PID:968

memory/968-54-0x0000000000000000-mapping.dmp

Download
memory/968-55-0x0000000076091000-0x0000000076093000-memory.dmp

Filesize
8KB

Download