0a04dcd4fe6fddc7edfd5c9b65fa23169a73fe19f1a8796df31722d6b45e30f7

Analysis

max time kernel
36s
max time network
46s
platform
windows7_x64
resource
win7-20220812-en
resource tags

arch:x64arch:x86image:win7-20220812-enlocale:en-usos:windows7-x64system
submitted
12/10/2022, 16:53

Target

0a04dcd4fe6fddc7edfd5c9b65fa23169a73fe19f1a8796df31722d6b45e30f7.dll
Size

124KB
MD5

6bbb9c18a80024679182c6391b0a6d2e
SHA1

733665898ef816c8ad6d05a3ea7c8f0de75750b6
SHA256

0a04dcd4fe6fddc7edfd5c9b65fa23169a73fe19f1a8796df31722d6b45e30f7
SHA512

996391f159323862dfda9a58687829ca552952eea382396f6108abb280a10ee646b0a5e643bd77725059155180247749d7ec0e042327ee20fc95659c19d57e5c
SSDEEP

1536:6Rw9k6k1FrHc5CtDY3YZGkxCF4a7/h1uK8t:/cHr8wYoGN4abh1w

Score

1^/10

Suspicious use of WriteProcessMemory 7 IoCs

description	pid	Process	procid_target
PID 864 wrote to memory of 1076	864	rundll32.exe	27
PID 864 wrote to memory of 1076	864	rundll32.exe	27
PID 864 wrote to memory of 1076	864	rundll32.exe	27
PID 864 wrote to memory of 1076	864	rundll32.exe	27
PID 864 wrote to memory of 1076	864	rundll32.exe	27
PID 864 wrote to memory of 1076	864	rundll32.exe	27
PID 864 wrote to memory of 1076	864	rundll32.exe	27

C:\Windows\system32\rundll32.exe
rundll32.exe C:\Users\Admin\AppData\Local\Temp\0a04dcd4fe6fddc7edfd5c9b65fa23169a73fe19f1a8796df31722d6b45e30f7.dll,#1
1⤵
- Suspicious use of WriteProcessMemory
PID:864
- C:\Windows\SysWOW64\rundll32.exe
  rundll32.exe C:\Users\Admin\AppData\Local\Temp\0a04dcd4fe6fddc7edfd5c9b65fa23169a73fe19f1a8796df31722d6b45e30f7.dll,#1
  2⤵
  PID:1076

memory/1076-55-0x0000000075141000-0x0000000075143000-memory.dmp

Filesize
8KB

Download