8bffb42d54d1396c869e43c901641c936b427e5b2663ba445b687a107d872941

Analysis

max time kernel
40s
max time network
44s
platform
windows7_x64
resource
win7-20220812-en
resource tags

arch:x64arch:x86image:win7-20220812-enlocale:en-usos:windows7-x64system
submitted
20-10-2022 06:35

Target

8bffb42d54d1396c869e43c901641c936b427e5b2663ba445b687a107d872941.dll
Size

34KB
MD5

807a6390953a70aab02416af3a17def1
SHA1

a0a2de4526052eaf9c820c14e8b6e3261fd7cd08
SHA256

8bffb42d54d1396c869e43c901641c936b427e5b2663ba445b687a107d872941
SHA512

7d36f4b5a38b963091eeec1cd203138a60c1c2be3e2f46c7e4533c9d0c589d320bac1dd60ed8ef14e33cf4bae16bbad9dc42198f7cb1c70e99afc7344c6665d8
SSDEEP

768:5HhSzibNPn5f5dYQ7dCguH+sIIJGrw+RV5:5BKiFn5f5r7dCguH+sLIDR3

Score

1^/10

Suspicious use of WriteProcessMemory 7 IoCs

description	pid	Process	procid_target
PID 1840 wrote to memory of 1228	1840	rundll32.exe	27
PID 1840 wrote to memory of 1228	1840	rundll32.exe	27
PID 1840 wrote to memory of 1228	1840	rundll32.exe	27
PID 1840 wrote to memory of 1228	1840	rundll32.exe	27
PID 1840 wrote to memory of 1228	1840	rundll32.exe	27
PID 1840 wrote to memory of 1228	1840	rundll32.exe	27
PID 1840 wrote to memory of 1228	1840	rundll32.exe	27

C:\Windows\system32\rundll32.exe
rundll32.exe C:\Users\Admin\AppData\Local\Temp\8bffb42d54d1396c869e43c901641c936b427e5b2663ba445b687a107d872941.dll,#1
1⤵
- Suspicious use of WriteProcessMemory
PID:1840
- C:\Windows\SysWOW64\rundll32.exe
  rundll32.exe C:\Users\Admin\AppData\Local\Temp\8bffb42d54d1396c869e43c901641c936b427e5b2663ba445b687a107d872941.dll,#1
  2⤵
  PID:1228

memory/1228-54-0x0000000000000000-mapping.dmp

Download
memory/1228-55-0x0000000076401000-0x0000000076403000-memory.dmp

Filesize
8KB

Download