b15a653c273e08d5d46f2b8d0c8dbed066333c26fd98fd918f426b2c626b5b98

Analysis

max time kernel
37s
max time network
41s
platform
windows7_x64
resource
win7-20220812-en
resource tags

arch:x64arch:x86image:win7-20220812-enlocale:en-usos:windows7-x64system
submitted
03/10/2022, 13:47

Target

b15a653c273e08d5d46f2b8d0c8dbed066333c26fd98fd918f426b2c626b5b98.dll
Size

34KB
MD5

65518bd01c0d8d81545170bd4cd9fb55
SHA1

36dbf03dd0d736cd1535ba565feeef26352b7851
SHA256

b15a653c273e08d5d46f2b8d0c8dbed066333c26fd98fd918f426b2c626b5b98
SHA512

41ed48efb9f24429b5f3b72553b6b5b861cbba81f07bcf53b7dde3fe2b6c06f4c46100401ac48a95f85907cbc9126c12865ece791f297a5ea6e12911fd4eb270
SSDEEP

768:KphOXQE2dJRi7Fc2PKms2BD78EndiHNiOVndRvDqM2:KphpE2d76TKm978EnE0GdRGV

Score

1^/10

Suspicious use of WriteProcessMemory 7 IoCs

description	pid	Process	procid_target
PID 1612 wrote to memory of 788	1612	rundll32.exe	26
PID 1612 wrote to memory of 788	1612	rundll32.exe	26
PID 1612 wrote to memory of 788	1612	rundll32.exe	26
PID 1612 wrote to memory of 788	1612	rundll32.exe	26
PID 1612 wrote to memory of 788	1612	rundll32.exe	26
PID 1612 wrote to memory of 788	1612	rundll32.exe	26
PID 1612 wrote to memory of 788	1612	rundll32.exe	26

C:\Windows\system32\rundll32.exe
rundll32.exe C:\Users\Admin\AppData\Local\Temp\b15a653c273e08d5d46f2b8d0c8dbed066333c26fd98fd918f426b2c626b5b98.dll,#1
1⤵
- Suspicious use of WriteProcessMemory
PID:1612
- C:\Windows\SysWOW64\rundll32.exe
  rundll32.exe C:\Users\Admin\AppData\Local\Temp\b15a653c273e08d5d46f2b8d0c8dbed066333c26fd98fd918f426b2c626b5b98.dll,#1
  2⤵
  PID:788

memory/788-55-0x0000000076681000-0x0000000076683000-memory.dmp

Filesize
8KB

Download