bddf5c015a982c128836ffcc977f8770b4a313c0f386476745b6bbd9cc5c820d

Analysis

max time kernel
48s
max time network
51s
platform
windows7_x64
resource
win7-20220901-en
resource tags

arch:x64arch:x86image:win7-20220901-enlocale:en-usos:windows7-x64system
submitted
03/11/2022, 10:17

Target

bddf5c015a982c128836ffcc977f8770b4a313c0f386476745b6bbd9cc5c820d.dll
Size

1.3MB
MD5

71cb4ab6407bca82bdbaeeacd96d606e
SHA1

998a686c7b71ead7738f5b27fba51c5c8377445c
SHA256

bddf5c015a982c128836ffcc977f8770b4a313c0f386476745b6bbd9cc5c820d
SHA512

f568200d0d60fed821ee682fc7ff6064820990aa5a59dc590e8179213aea4862007b3cebbe603bff1cdee46ea7ea096756dac5eb7d30e52af54f638ea57fecd5
SSDEEP

24576:J+5VC4PEoVC4dt7Cg4us2ey+s0UKIhxZx/MFA41pC9QkBxvugd0:M5t7w2BHKIhxZx/MFA41A9QkBxv2

Score

1^/10

Suspicious use of WriteProcessMemory 7 IoCs

description	pid	Process	procid_target
PID 1720 wrote to memory of 996	1720	rundll32.exe	27
PID 1720 wrote to memory of 996	1720	rundll32.exe	27
PID 1720 wrote to memory of 996	1720	rundll32.exe	27
PID 1720 wrote to memory of 996	1720	rundll32.exe	27
PID 1720 wrote to memory of 996	1720	rundll32.exe	27
PID 1720 wrote to memory of 996	1720	rundll32.exe	27
PID 1720 wrote to memory of 996	1720	rundll32.exe	27

C:\Windows\system32\rundll32.exe
rundll32.exe C:\Users\Admin\AppData\Local\Temp\bddf5c015a982c128836ffcc977f8770b4a313c0f386476745b6bbd9cc5c820d.dll,#1
1⤵
- Suspicious use of WriteProcessMemory
PID:1720
- C:\Windows\SysWOW64\rundll32.exe
  rundll32.exe C:\Users\Admin\AppData\Local\Temp\bddf5c015a982c128836ffcc977f8770b4a313c0f386476745b6bbd9cc5c820d.dll,#1
  2⤵
  PID:996

memory/996-55-0x00000000757A1000-0x00000000757A3000-memory.dmp

Filesize
8KB

Download