68f8395b483743f82f4d7df43f73c1e9cf4b47d06e731b5120f4de1c8d1f26f5

Analysis

max time kernel
35s
max time network
47s
platform
windows7_x64
resource
win7-20220812-en
resource tags

arch:x64arch:x86image:win7-20220812-enlocale:en-usos:windows7-x64system
submitted
12/10/2022, 17:05

Target

68f8395b483743f82f4d7df43f73c1e9cf4b47d06e731b5120f4de1c8d1f26f5.dll
Size

49KB
MD5

6934d9c6bd6f8311ef116f6f504f9f2d
SHA1

fc008f906d948841f1a4ac9d8e5d5b3667fd06bf
SHA256

68f8395b483743f82f4d7df43f73c1e9cf4b47d06e731b5120f4de1c8d1f26f5
SHA512

a3c6350abc034f231b2cb2da24d9fb6711892c3734983796c6361d505d1ebcbb57bc6e6634c83b2b8a9a94dd563c6fd46a6646477b937e9cbf82bd66cdb7c950
SSDEEP

768:DVV27Pk2b+S9zwj3gV+VEtPgbCSP0XJBXE3ZiapL07tYVtMoBiYGcpYgVjJ:DVV1HTXVa8n8XJEV07tYfMowYnYs

Score

1^/10

Suspicious use of WriteProcessMemory 7 IoCs

description	pid	Process	procid_target
PID 904 wrote to memory of 1452	904	rundll32.exe	27
PID 904 wrote to memory of 1452	904	rundll32.exe	27
PID 904 wrote to memory of 1452	904	rundll32.exe	27
PID 904 wrote to memory of 1452	904	rundll32.exe	27
PID 904 wrote to memory of 1452	904	rundll32.exe	27
PID 904 wrote to memory of 1452	904	rundll32.exe	27
PID 904 wrote to memory of 1452	904	rundll32.exe	27

C:\Windows\system32\rundll32.exe
rundll32.exe C:\Users\Admin\AppData\Local\Temp\68f8395b483743f82f4d7df43f73c1e9cf4b47d06e731b5120f4de1c8d1f26f5.dll,#1
1⤵
- Suspicious use of WriteProcessMemory
PID:904
- C:\Windows\SysWOW64\rundll32.exe
  rundll32.exe C:\Users\Admin\AppData\Local\Temp\68f8395b483743f82f4d7df43f73c1e9cf4b47d06e731b5120f4de1c8d1f26f5.dll,#1
  2⤵
  PID:1452

memory/1452-55-0x0000000075E11000-0x0000000075E13000-memory.dmp

Filesize
8KB

Download