91e72c0034e40a28291b59eb5736872d9f0e7bba3baab9431d92ba5ed9b03192

Analysis

max time kernel
44s
max time network
49s
platform
windows7_x64
resource
win7-20220901-en
resource tags

arch:x64arch:x86image:win7-20220901-enlocale:en-usos:windows7-x64system
submitted
03-10-2022 08:45

Target

91e72c0034e40a28291b59eb5736872d9f0e7bba3baab9431d92ba5ed9b03192.dll
Size

97KB
MD5

6958bfa1926ab59b0c1c1f104dac95cd
SHA1

972f34d73d7bc3e039b1084958de5f6b6303cb2a
SHA256

91e72c0034e40a28291b59eb5736872d9f0e7bba3baab9431d92ba5ed9b03192
SHA512

1e705fef55267b789ac4f4cc045c1bc8a58d49a5ad1ebbe39d8467497c294f24fd570573f94ee36e1b853399f98458094f6c62e692eb0dfd0bf8412d9d3ebe6a
SSDEEP

1536:i64W3b/+sHTUxLu325tQcxORYejYcb4RMYjlc5TSDJ0Y5wb99vSNwk:1b/+sH+HWjYcbx5T2T49FS/

Score

1^/10

Suspicious use of WriteProcessMemory 7 IoCs

description	pid	Process	procid_target
PID 1104 wrote to memory of 1744	1104	rundll32.exe	27
PID 1104 wrote to memory of 1744	1104	rundll32.exe	27
PID 1104 wrote to memory of 1744	1104	rundll32.exe	27
PID 1104 wrote to memory of 1744	1104	rundll32.exe	27
PID 1104 wrote to memory of 1744	1104	rundll32.exe	27
PID 1104 wrote to memory of 1744	1104	rundll32.exe	27
PID 1104 wrote to memory of 1744	1104	rundll32.exe	27

C:\Windows\system32\rundll32.exe
rundll32.exe C:\Users\Admin\AppData\Local\Temp\91e72c0034e40a28291b59eb5736872d9f0e7bba3baab9431d92ba5ed9b03192.dll,#1
1⤵
- Suspicious use of WriteProcessMemory
PID:1104
- C:\Windows\SysWOW64\rundll32.exe
  rundll32.exe C:\Users\Admin\AppData\Local\Temp\91e72c0034e40a28291b59eb5736872d9f0e7bba3baab9431d92ba5ed9b03192.dll,#1
  2⤵
  PID:1744

memory/1744-55-0x0000000075BB1000-0x0000000075BB3000-memory.dmp

Filesize
8KB

Download