3998afb81d33828ebebb8b321fcfb96971a9b4e56f1825e576a9697911315afd

Analysis

max time kernel
39s
max time network
43s
platform
windows7_x64
resource
win7-20220812-en
resource tags

arch:x64arch:x86image:win7-20220812-enlocale:en-usos:windows7-x64system
submitted
04/10/2022, 07:49

Target

3998afb81d33828ebebb8b321fcfb96971a9b4e56f1825e576a9697911315afd.dll
Size

36KB
MD5

574452d86b9aca9d38832e41f2d679e7
SHA1

084606a1112c8ac224342da7bdef858eb124d69a
SHA256

3998afb81d33828ebebb8b321fcfb96971a9b4e56f1825e576a9697911315afd
SHA512

3c79ef430d0471b4c6f19330563b93a889a8221570bb6c008f1a1e3e5f520072210ae260a8c27828d32f5b294843c564044eb0083eb5a794a7f9e7961c8fb759
SSDEEP

768:cVs14yYwC2+s/X28WIS1tn7/J3MsoG95hNDdR0VOMP:cuOyYwC428WISX71MOvRR0VOMP

Score

1^/10

Suspicious use of WriteProcessMemory 7 IoCs

description	pid	Process	procid_target
PID 1476 wrote to memory of 1856	1476	rundll32.exe	27
PID 1476 wrote to memory of 1856	1476	rundll32.exe	27
PID 1476 wrote to memory of 1856	1476	rundll32.exe	27
PID 1476 wrote to memory of 1856	1476	rundll32.exe	27
PID 1476 wrote to memory of 1856	1476	rundll32.exe	27
PID 1476 wrote to memory of 1856	1476	rundll32.exe	27
PID 1476 wrote to memory of 1856	1476	rundll32.exe	27

C:\Windows\system32\rundll32.exe
rundll32.exe C:\Users\Admin\AppData\Local\Temp\3998afb81d33828ebebb8b321fcfb96971a9b4e56f1825e576a9697911315afd.dll,#1
1⤵
- Suspicious use of WriteProcessMemory
PID:1476
- C:\Windows\SysWOW64\rundll32.exe
  rundll32.exe C:\Users\Admin\AppData\Local\Temp\3998afb81d33828ebebb8b321fcfb96971a9b4e56f1825e576a9697911315afd.dll,#1
  2⤵
  PID:1856

memory/1856-55-0x0000000075E51000-0x0000000075E53000-memory.dmp

Filesize
8KB

Download