69f9f603ca60ea0d2a4336e323626b5e0cc8e3b412473b4dc84a0af9b7282141

Analysis

max time kernel
38s
max time network
42s
platform
windows7_x64
resource
win7-20220812-en
resource tags

arch:x64arch:x86image:win7-20220812-enlocale:en-usos:windows7-x64system
submitted
03-11-2022 10:51

Target

69f9f603ca60ea0d2a4336e323626b5e0cc8e3b412473b4dc84a0af9b7282141.dll
Size

62KB
MD5

70eb298bd352a9dd277871623cc0e904
SHA1

79bf2256382f7a21c61439fbfb64ff0a03b36f69
SHA256

69f9f603ca60ea0d2a4336e323626b5e0cc8e3b412473b4dc84a0af9b7282141
SHA512

a0dba9ad1bd05426466663ef7748ea53aeee3fd2781d448ffb185f25679bd3d056dcd8ec250d7c65de30ee05fbf449c8fd87fc44b8631571ea1f2a5b8c4de3f3
SSDEEP

768:DVEfAmKoi81tTSbgW7yo3lzQm1hIXw7po9SKeLWPYwJbCNJLWPYwJbCN2:DVEIE1tTyg+3mmM4poXeaLCNJaLCN2

Score

1^/10

Suspicious use of WriteProcessMemory 7 IoCs

description	pid	Process	procid_target
PID 904 wrote to memory of 1364	904	rundll32.exe	27
PID 904 wrote to memory of 1364	904	rundll32.exe	27
PID 904 wrote to memory of 1364	904	rundll32.exe	27
PID 904 wrote to memory of 1364	904	rundll32.exe	27
PID 904 wrote to memory of 1364	904	rundll32.exe	27
PID 904 wrote to memory of 1364	904	rundll32.exe	27
PID 904 wrote to memory of 1364	904	rundll32.exe	27

C:\Windows\system32\rundll32.exe
rundll32.exe C:\Users\Admin\AppData\Local\Temp\69f9f603ca60ea0d2a4336e323626b5e0cc8e3b412473b4dc84a0af9b7282141.dll,#1
1⤵
- Suspicious use of WriteProcessMemory
PID:904
- C:\Windows\SysWOW64\rundll32.exe
  rundll32.exe C:\Users\Admin\AppData\Local\Temp\69f9f603ca60ea0d2a4336e323626b5e0cc8e3b412473b4dc84a0af9b7282141.dll,#1
  2⤵
  PID:1364

memory/1364-55-0x0000000076071000-0x0000000076073000-memory.dmp

Filesize
8KB

Download