ff1373dc34167ac7e45675efb08f234358123eb902605a0bc1031102903c1057

Analysis

max time kernel
48s
max time network
52s
platform
windows7_x64
resource
win7-20220901-en
resource tags

arch:x64arch:x86image:win7-20220901-enlocale:en-usos:windows7-x64system
submitted
04/10/2022, 07:39

Target

ff1373dc34167ac7e45675efb08f234358123eb902605a0bc1031102903c1057.dll
Size

97KB
MD5

59f737d0ab281866f37774c96242d6d4
SHA1

a64c7ffe3ea1f48850072f431d0dd5d34dfb3373
SHA256

ff1373dc34167ac7e45675efb08f234358123eb902605a0bc1031102903c1057
SHA512

c407b5d3646b51c1f75c4b1c27517d21154fd3863cae307114c13189a3bcc80476b3ae4c1c30d5031f44e87f62f48ef98d0e75aac22cd9e11c9c43cd787a56d2
SSDEEP

1536:dC42owFQhOndUNOyTV0XN68lvGvZGSkwEbPG0/nIwQoSa/g:dFhw9d6TQN68cBGSkwOO0/nI7a/g

Score

1^/10

Suspicious behavior: EnumeratesProcesses 1 IoCs

pid	Process
840	rundll32.exe

Suspicious use of WriteProcessMemory 7 IoCs

description	pid	Process	procid_target
PID 1376 wrote to memory of 840	1376	rundll32.exe	26
PID 1376 wrote to memory of 840	1376	rundll32.exe	26
PID 1376 wrote to memory of 840	1376	rundll32.exe	26
PID 1376 wrote to memory of 840	1376	rundll32.exe	26
PID 1376 wrote to memory of 840	1376	rundll32.exe	26
PID 1376 wrote to memory of 840	1376	rundll32.exe	26
PID 1376 wrote to memory of 840	1376	rundll32.exe	26

C:\Windows\system32\rundll32.exe
rundll32.exe C:\Users\Admin\AppData\Local\Temp\ff1373dc34167ac7e45675efb08f234358123eb902605a0bc1031102903c1057.dll,#1
1⤵
- Suspicious use of WriteProcessMemory
PID:1376
- C:\Windows\SysWOW64\rundll32.exe
  rundll32.exe C:\Users\Admin\AppData\Local\Temp\ff1373dc34167ac7e45675efb08f234358123eb902605a0bc1031102903c1057.dll,#1
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:840

memory/840-55-0x0000000075091000-0x0000000075093000-memory.dmp

Filesize
8KB

Download