937bf8dde5d1f7a78eabc794f33bc531dca27cb96899166e55b1e909c61634a4

Analysis

max time kernel
19s
max time network
46s
platform
windows7_x64
resource
win7-20220812-en
resource tags

arch:x64arch:x86image:win7-20220812-enlocale:en-usos:windows7-x64system
submitted
28-10-2022 22:51

Target

937bf8dde5d1f7a78eabc794f33bc531dca27cb96899166e55b1e909c61634a4.dll
Size

53KB
MD5

0c0006cccbd774ebc062b18de1e06c60
SHA1

226b057e81fe34b67b5cf279641891a1fe6492cd
SHA256

937bf8dde5d1f7a78eabc794f33bc531dca27cb96899166e55b1e909c61634a4
SHA512

184347c08a7022423599a69474bcbf5aa51e51248a32e3f4f2ff2bc696a072114c8d7038758e23a6395860b087f2894a2a6fb266b321d2783326295ccb3ca2a4
SSDEEP

768:6RHUspVJVPw7FjfWctlU3R1iLTtMU9sBHYeThVopSc4LUF876/1UYD3a1eU4xoOe:6RTVP0QnlsMYmhVAOoF82/2YDKYTxsp

Score

1^/10

Suspicious use of WriteProcessMemory 7 IoCs

description	pid	Process	procid_target
PID 1008 wrote to memory of 1368	1008	rundll32.exe	14
PID 1008 wrote to memory of 1368	1008	rundll32.exe	14
PID 1008 wrote to memory of 1368	1008	rundll32.exe	14
PID 1008 wrote to memory of 1368	1008	rundll32.exe	14
PID 1008 wrote to memory of 1368	1008	rundll32.exe	14
PID 1008 wrote to memory of 1368	1008	rundll32.exe	14
PID 1008 wrote to memory of 1368	1008	rundll32.exe	14

C:\Windows\SysWOW64\rundll32.exe
rundll32.exe C:\Users\Admin\AppData\Local\Temp\937bf8dde5d1f7a78eabc794f33bc531dca27cb96899166e55b1e909c61634a4.dll,#1
1⤵
PID:1368

C:\Windows\system32\rundll32.exe
rundll32.exe C:\Users\Admin\AppData\Local\Temp\937bf8dde5d1f7a78eabc794f33bc531dca27cb96899166e55b1e909c61634a4.dll,#1
1⤵
- Suspicious use of WriteProcessMemory
PID:1008

memory/1368-55-0x0000000075C51000-0x0000000075C53000-memory.dmp

Filesize
8KB

Download