98a759b776df886a4c16fb7a10f60bbf81a1bf4f8f5e1b2cfc776011250d2e7a

Analysis

max time kernel
48s
max time network
52s
platform
windows7_x64
resource
win7-20220901-en
resource tags

arch:x64arch:x86image:win7-20220901-enlocale:en-usos:windows7-x64system
submitted
30/10/2022, 07:42

Target

98a759b776df886a4c16fb7a10f60bbf81a1bf4f8f5e1b2cfc776011250d2e7a.dll
Size

100KB
MD5

929bde2624608cf99b8e71c52fac8efa
SHA1

0112f9be4198b4cecade371231f4dd9ead31db19
SHA256

98a759b776df886a4c16fb7a10f60bbf81a1bf4f8f5e1b2cfc776011250d2e7a
SHA512

91ef561c19f1fbe3575bde0bee41c7bf528b6dc9335acce44717db1105a45812786adfddded4d5eb2ec762dafe820cee0455b33d23a4a924c0696b4c02418e69
SSDEEP

1536:ebTB8hDD/QOfjlZEJ9FBhd10enKC+yHmsMDhPnLZMAd+yd9wHy:1xD/QOf2FLd1pnKC+yH2NtLL9wHy

Score

1^/10

Suspicious use of WriteProcessMemory 7 IoCs

description	pid	Process	procid_target
PID 1720 wrote to memory of 996	1720	rundll32.exe	27
PID 1720 wrote to memory of 996	1720	rundll32.exe	27
PID 1720 wrote to memory of 996	1720	rundll32.exe	27
PID 1720 wrote to memory of 996	1720	rundll32.exe	27
PID 1720 wrote to memory of 996	1720	rundll32.exe	27
PID 1720 wrote to memory of 996	1720	rundll32.exe	27
PID 1720 wrote to memory of 996	1720	rundll32.exe	27

C:\Windows\system32\rundll32.exe
rundll32.exe C:\Users\Admin\AppData\Local\Temp\98a759b776df886a4c16fb7a10f60bbf81a1bf4f8f5e1b2cfc776011250d2e7a.dll,#1
1⤵
- Suspicious use of WriteProcessMemory
PID:1720
- C:\Windows\SysWOW64\rundll32.exe
  rundll32.exe C:\Users\Admin\AppData\Local\Temp\98a759b776df886a4c16fb7a10f60bbf81a1bf4f8f5e1b2cfc776011250d2e7a.dll,#1
  2⤵
  PID:996

memory/996-55-0x00000000757A1000-0x00000000757A3000-memory.dmp

Filesize
8KB

Download