bf3f1bba8c710301c7521de161f5ccdffa8596f0d987c1e7a069f6a2c7ee7c9d

Analysis

max time kernel
43s
max time network
49s
platform
windows7_x64
resource
win7-20220901-en
resource tags

arch:x64arch:x86image:win7-20220901-enlocale:en-usos:windows7-x64system
submitted
03/10/2022, 11:07

Target

bf3f1bba8c710301c7521de161f5ccdffa8596f0d987c1e7a069f6a2c7ee7c9d.dll
Size

96KB
MD5

35e0999f5e735a012d55695847ed50c3
SHA1

8c6f6448187885b5b4a184f2b22cf34a62b39d0e
SHA256

bf3f1bba8c710301c7521de161f5ccdffa8596f0d987c1e7a069f6a2c7ee7c9d
SHA512

14620a8f633f81bb92f1ccb1ce4a1a4aa7e8b10c46351293d10326f6a0a2d7095a7587d9c80dca9368525a4d931da96570719e80bc551c2bed8eba1d80b85de0
SSDEEP

1536:Nh1fL15Vx2G5bCgsSejqjc5XjLtdUs8wizOOuiXF:Nh53p5NIjqjS9usENx1

Score

1^/10

Suspicious use of WriteProcessMemory 7 IoCs

description	pid	Process	procid_target
PID 1348 wrote to memory of 844	1348	rundll32.exe	27
PID 1348 wrote to memory of 844	1348	rundll32.exe	27
PID 1348 wrote to memory of 844	1348	rundll32.exe	27
PID 1348 wrote to memory of 844	1348	rundll32.exe	27
PID 1348 wrote to memory of 844	1348	rundll32.exe	27
PID 1348 wrote to memory of 844	1348	rundll32.exe	27
PID 1348 wrote to memory of 844	1348	rundll32.exe	27

C:\Windows\system32\rundll32.exe
rundll32.exe C:\Users\Admin\AppData\Local\Temp\bf3f1bba8c710301c7521de161f5ccdffa8596f0d987c1e7a069f6a2c7ee7c9d.dll,#1
1⤵
- Suspicious use of WriteProcessMemory
PID:1348
- C:\Windows\SysWOW64\rundll32.exe
  rundll32.exe C:\Users\Admin\AppData\Local\Temp\bf3f1bba8c710301c7521de161f5ccdffa8596f0d987c1e7a069f6a2c7ee7c9d.dll,#1
  2⤵
  PID:844

memory/844-55-0x0000000075601000-0x0000000075603000-memory.dmp

Filesize
8KB

Download