bb61284977a95dd27dcb28e4c47b83327b5eea38f374825115fc42ed4a88e686

Analysis

max time kernel
46s
max time network
51s
platform
windows7_x64
resource
win7-20220901-en
resource tags

arch:x64arch:x86image:win7-20220901-enlocale:en-usos:windows7-x64system
submitted
29/10/2022, 20:07

Target

bb61284977a95dd27dcb28e4c47b83327b5eea38f374825115fc42ed4a88e686.dll
Size

73KB
MD5

546c9376d8afa4913fd770cef817326a
SHA1

687d3b5c4d3fd2aa0bb79d5020a19deaf19eeeb1
SHA256

bb61284977a95dd27dcb28e4c47b83327b5eea38f374825115fc42ed4a88e686
SHA512

b1f1f6b353ce995ef3f52c4ef3fcf97b58774e173c6af401b4db4b25ae6924dcafdd470c2db10b6e259239d20bd04ab7c1ad2b350e266d6853c93f181088d29a
SSDEEP

1536:RVcygyD82mwi2S9KwwfckBlxO11wJ1VQ8zRcFYeUD1jRl1:T5gyDpY7wfckBs16XQsmFYewl1

Score

1^/10

Suspicious use of WriteProcessMemory 7 IoCs

description	pid	Process	procid_target
PID 1324 wrote to memory of 1352	1324	rundll32.exe	27
PID 1324 wrote to memory of 1352	1324	rundll32.exe	27
PID 1324 wrote to memory of 1352	1324	rundll32.exe	27
PID 1324 wrote to memory of 1352	1324	rundll32.exe	27
PID 1324 wrote to memory of 1352	1324	rundll32.exe	27
PID 1324 wrote to memory of 1352	1324	rundll32.exe	27
PID 1324 wrote to memory of 1352	1324	rundll32.exe	27

C:\Windows\system32\rundll32.exe
rundll32.exe C:\Users\Admin\AppData\Local\Temp\bb61284977a95dd27dcb28e4c47b83327b5eea38f374825115fc42ed4a88e686.dll,#1
1⤵
- Suspicious use of WriteProcessMemory
PID:1324
- C:\Windows\SysWOW64\rundll32.exe
  rundll32.exe C:\Users\Admin\AppData\Local\Temp\bb61284977a95dd27dcb28e4c47b83327b5eea38f374825115fc42ed4a88e686.dll,#1
  2⤵
  PID:1352

memory/1352-55-0x00000000752B1000-0x00000000752B3000-memory.dmp

Filesize
8KB

Download