d9dbe0d4d188ecdb7417e15cc37968df94e46b01dd185243a167e27ca7fa42ed

Analysis

max time kernel
43s
max time network
46s
platform
windows7_x64
resource
win7-20220812-en
resource tags

arch:x64arch:x86image:win7-20220812-enlocale:en-usos:windows7-x64system
submitted
06/10/2022, 20:33

Target

d9dbe0d4d188ecdb7417e15cc37968df94e46b01dd185243a167e27ca7fa42ed.dll
Size

64KB
MD5

cc1eef2ac07caeac230b98102e891b18
SHA1

4520fded74ef1d86b726afa66af0434f793c18a6
SHA256

d9dbe0d4d188ecdb7417e15cc37968df94e46b01dd185243a167e27ca7fa42ed
SHA512

d2a00965e6af04baa5641600f0a67ced5ec5370c33da58becba443cfb622ff31e2cbf75e9ff001b15e064a7756a03ac6afc0102e6b655e2a781ff13f6d7fd9ef
SSDEEP

768:U/YH/RzZEdmUM36a6K/odbN3i1aODVgmFj9oglt4d:Us/RzZgM3d/wY1j17ogD

Score

1^/10

Suspicious use of WriteProcessMemory 7 IoCs

description	pid	Process	procid_target
PID 1492 wrote to memory of 1708	1492	rundll32.exe	27
PID 1492 wrote to memory of 1708	1492	rundll32.exe	27
PID 1492 wrote to memory of 1708	1492	rundll32.exe	27
PID 1492 wrote to memory of 1708	1492	rundll32.exe	27
PID 1492 wrote to memory of 1708	1492	rundll32.exe	27
PID 1492 wrote to memory of 1708	1492	rundll32.exe	27
PID 1492 wrote to memory of 1708	1492	rundll32.exe	27

C:\Windows\system32\rundll32.exe
rundll32.exe C:\Users\Admin\AppData\Local\Temp\d9dbe0d4d188ecdb7417e15cc37968df94e46b01dd185243a167e27ca7fa42ed.dll,#1
1⤵
- Suspicious use of WriteProcessMemory
PID:1492
- C:\Windows\SysWOW64\rundll32.exe
  rundll32.exe C:\Users\Admin\AppData\Local\Temp\d9dbe0d4d188ecdb7417e15cc37968df94e46b01dd185243a167e27ca7fa42ed.dll,#1
  2⤵
  PID:1708

memory/1708-55-0x0000000076121000-0x0000000076123000-memory.dmp

Filesize
8KB

Download