f613bde2a79ae566bc3bef4186d9a6c68548fc7be5c161c4fbf0fc54548abc99

Analysis

max time kernel
28s
max time network
47s
platform
windows7_x64
resource
win7-20220812-en
resource tags

arch:x64arch:x86image:win7-20220812-enlocale:en-usos:windows7-x64system
submitted
03-10-2022 13:04

Target

f613bde2a79ae566bc3bef4186d9a6c68548fc7be5c161c4fbf0fc54548abc99.dll
Size

66KB
MD5

655a92e5223fe89b45e5b2f8e58a46c5
SHA1

8ae0442d556a8a38b9b4dd74b3426eb2096eda73
SHA256

f613bde2a79ae566bc3bef4186d9a6c68548fc7be5c161c4fbf0fc54548abc99
SHA512

94343a1c0fea18744bf02ffb1e3560c8b939ace9d2b065d65cf94742b801eee478d9d64f147d67192b16fab80d06026c81a7ec288a509080db42c2ed1cce1130
SSDEEP

1536:MhBRVgrExucMkvOJeLhFmZK/x5a/5NC534ri3Ecr6+HUwwBm1:cRRss2mFAix5753GiwvE

Score

1^/10

Suspicious use of WriteProcessMemory 7 IoCs

description	pid	Process	procid_target
PID 1188 wrote to memory of 1788	1188	rundll32.exe	27
PID 1188 wrote to memory of 1788	1188	rundll32.exe	27
PID 1188 wrote to memory of 1788	1188	rundll32.exe	27
PID 1188 wrote to memory of 1788	1188	rundll32.exe	27
PID 1188 wrote to memory of 1788	1188	rundll32.exe	27
PID 1188 wrote to memory of 1788	1188	rundll32.exe	27
PID 1188 wrote to memory of 1788	1188	rundll32.exe	27

C:\Windows\system32\rundll32.exe
rundll32.exe C:\Users\Admin\AppData\Local\Temp\f613bde2a79ae566bc3bef4186d9a6c68548fc7be5c161c4fbf0fc54548abc99.dll,#1
1⤵
- Suspicious use of WriteProcessMemory
PID:1188
- C:\Windows\SysWOW64\rundll32.exe
  rundll32.exe C:\Users\Admin\AppData\Local\Temp\f613bde2a79ae566bc3bef4186d9a6c68548fc7be5c161c4fbf0fc54548abc99.dll,#1
  2⤵
  PID:1788

memory/1788-55-0x0000000075091000-0x0000000075093000-memory.dmp

Filesize
8KB

Download