7b06f4ef015b924404c44d5d97059670c5868bb9fd9ed66386166481fab9b681

Analysis

max time kernel
41s
max time network
45s
platform
windows7_x64
resource
win7-20220812-en
resource tags

arch:x64arch:x86image:win7-20220812-enlocale:en-usos:windows7-x64system
submitted
03-10-2022 08:49

Target

7b06f4ef015b924404c44d5d97059670c5868bb9fd9ed66386166481fab9b681.dll
Size

69KB
MD5

66bdd076b80c8db7b80e00a0ccd21cf8
SHA1

211d8a9362473fbad6633f7ab0ffdf49adfbd5e1
SHA256

7b06f4ef015b924404c44d5d97059670c5868bb9fd9ed66386166481fab9b681
SHA512

73f5f80a3fc744f5c18a8f98ec9856bb0d7991d0927c8afe4ba1b36302e478701015a906d7f499be2610f45628255df18d6d5cb6239c15665fcb69727ea89b9c
SSDEEP

1536:2LOJMXV6/ZDSAf8KiTPo0ioGf+TqnNR8rS4El6Waq/aMAD:2rk/mKiTPbQ+Tq78rpEo+/aMm

Score

1^/10

Suspicious use of WriteProcessMemory 7 IoCs

description	pid	Process	procid_target
PID 2008 wrote to memory of 1744	2008	rundll32.exe	28
PID 2008 wrote to memory of 1744	2008	rundll32.exe	28
PID 2008 wrote to memory of 1744	2008	rundll32.exe	28
PID 2008 wrote to memory of 1744	2008	rundll32.exe	28
PID 2008 wrote to memory of 1744	2008	rundll32.exe	28
PID 2008 wrote to memory of 1744	2008	rundll32.exe	28
PID 2008 wrote to memory of 1744	2008	rundll32.exe	28

C:\Windows\system32\rundll32.exe
rundll32.exe C:\Users\Admin\AppData\Local\Temp\7b06f4ef015b924404c44d5d97059670c5868bb9fd9ed66386166481fab9b681.dll,#1
1⤵
- Suspicious use of WriteProcessMemory
PID:2008
- C:\Windows\SysWOW64\rundll32.exe
  rundll32.exe C:\Users\Admin\AppData\Local\Temp\7b06f4ef015b924404c44d5d97059670c5868bb9fd9ed66386166481fab9b681.dll,#1
  2⤵
  PID:1744

memory/1744-54-0x0000000000000000-mapping.dmp

Download
memory/1744-55-0x0000000075811000-0x0000000075813000-memory.dmp

Filesize
8KB

Download