90c427747ddc850918a882e8db7a916a5601f250541af21c6401b7f2e5436f8d

Analysis

max time kernel
44s
max time network
49s
platform
windows7_x64
resource
win7-20220901-en
resource tags

arch:x64arch:x86image:win7-20220901-enlocale:en-usos:windows7-x64system
submitted
30/10/2022, 15:15

Target

90c427747ddc850918a882e8db7a916a5601f250541af21c6401b7f2e5436f8d.dll
Size

200KB
MD5

81d9bd5eb878830ddc22d747fa466190
SHA1

e6546f9f9a08974b9052b4d9662f1cbc2214a543
SHA256

90c427747ddc850918a882e8db7a916a5601f250541af21c6401b7f2e5436f8d
SHA512

06a586b8e68d1dd9f1e9f4b81380db0956d9865fd2bc8751f336eaddd642ddbf36a49f73ef829186694eb2a56fa84a36a445300c9b8cba8ae58fb23046a5b087
SSDEEP

3072:pGn7hZpPr/R6OtRaTW5ZmohWqAixvfGSRfU7:pGnFZpj/vtR2+5WqAAfD5

Score

1^/10

Suspicious use of WriteProcessMemory 7 IoCs

description	pid	Process	procid_target
PID 1900 wrote to memory of 2024	1900	rundll32.exe	27
PID 1900 wrote to memory of 2024	1900	rundll32.exe	27
PID 1900 wrote to memory of 2024	1900	rundll32.exe	27
PID 1900 wrote to memory of 2024	1900	rundll32.exe	27
PID 1900 wrote to memory of 2024	1900	rundll32.exe	27
PID 1900 wrote to memory of 2024	1900	rundll32.exe	27
PID 1900 wrote to memory of 2024	1900	rundll32.exe	27

C:\Windows\system32\rundll32.exe
rundll32.exe C:\Users\Admin\AppData\Local\Temp\90c427747ddc850918a882e8db7a916a5601f250541af21c6401b7f2e5436f8d.dll,#1
1⤵
- Suspicious use of WriteProcessMemory
PID:1900
- C:\Windows\SysWOW64\rundll32.exe
  rundll32.exe C:\Users\Admin\AppData\Local\Temp\90c427747ddc850918a882e8db7a916a5601f250541af21c6401b7f2e5436f8d.dll,#1
  2⤵
  PID:2024

memory/2024-55-0x00000000759F1000-0x00000000759F3000-memory.dmp

Filesize
8KB

Download