f39e49cb8fdcd673dabbc366bdfefd1ae7dd6889c9a5d9bf3b0a9390d5d06b09

Analysis

max time kernel
24s
max time network
47s
platform
windows7_x64
resource
win7-20220812-en
resource tags

arch:x64arch:x86image:win7-20220812-enlocale:en-usos:windows7-x64system
submitted
19/10/2022, 21:16

Target

f39e49cb8fdcd673dabbc366bdfefd1ae7dd6889c9a5d9bf3b0a9390d5d06b09.dll
Size

49KB
MD5

913ea48166143ceff2b81c80e8d2c083
SHA1

529a3e6eab580234aabc4d49121b5acb946df81a
SHA256

f39e49cb8fdcd673dabbc366bdfefd1ae7dd6889c9a5d9bf3b0a9390d5d06b09
SHA512

1591eef65da571affd79ed1487275ff5ca6479a15b326e7d813988f74e65f732ba2629e9c3adcc91fa8a4d5c398718758b8767441072e0a5aa20ab5d56da7bc8
SSDEEP

1536:mPHud5kVA1zx6pkTD2AvUOMtcqKja0nsZJkySR:AHsFNwpAUOMtcljhnOJk5R

Score

1^/10

Suspicious use of WriteProcessMemory 7 IoCs

description	pid	Process	procid_target
PID 1676 wrote to memory of 872	1676	rundll32.exe	28
PID 1676 wrote to memory of 872	1676	rundll32.exe	28
PID 1676 wrote to memory of 872	1676	rundll32.exe	28
PID 1676 wrote to memory of 872	1676	rundll32.exe	28
PID 1676 wrote to memory of 872	1676	rundll32.exe	28
PID 1676 wrote to memory of 872	1676	rundll32.exe	28
PID 1676 wrote to memory of 872	1676	rundll32.exe	28

C:\Windows\system32\rundll32.exe
rundll32.exe C:\Users\Admin\AppData\Local\Temp\f39e49cb8fdcd673dabbc366bdfefd1ae7dd6889c9a5d9bf3b0a9390d5d06b09.dll,#1
1⤵
- Suspicious use of WriteProcessMemory
PID:1676
- C:\Windows\SysWOW64\rundll32.exe
  rundll32.exe C:\Users\Admin\AppData\Local\Temp\f39e49cb8fdcd673dabbc366bdfefd1ae7dd6889c9a5d9bf3b0a9390d5d06b09.dll,#1
  2⤵
  PID:872

memory/872-55-0x00000000764D1000-0x00000000764D3000-memory.dmp

Filesize
8KB

Download