f33890d303730a217bfb4db60adc720a9b02edca2d8e48ac8a8b39d69348b361

Analysis

max time kernel
42s
max time network
45s
platform
windows7_x64
resource
win7-20220812-en
resource tags

arch:x64arch:x86image:win7-20220812-enlocale:en-usos:windows7-x64system
submitted
06-11-2022 03:48

Target

f33890d303730a217bfb4db60adc720a9b02edca2d8e48ac8a8b39d69348b361.dll
Size

60KB
MD5

12419cb71cedcf117cbc0261179e46c2
SHA1

5a567ec1ead5c15c10c62c57991e29a32e7c7589
SHA256

f33890d303730a217bfb4db60adc720a9b02edca2d8e48ac8a8b39d69348b361
SHA512

ff293318e3bbf5495170b0d91b9b5fa7e79a6769dbc9a61024728e48299b1fb338f26095045c6fffdc73fa1923b8f77fd1c55251377e42e22d6931fd133f62d1
SSDEEP

1536:4sKXEbMTo5u1RlG/Fx9UEit+H+FdXePUkGR:NzwPlcFYEitrdOpi

Score

1^/10

Suspicious use of WriteProcessMemory 7 IoCs

description	pid	Process	procid_target
PID 1140 wrote to memory of 1016	1140	rundll32.exe	27
PID 1140 wrote to memory of 1016	1140	rundll32.exe	27
PID 1140 wrote to memory of 1016	1140	rundll32.exe	27
PID 1140 wrote to memory of 1016	1140	rundll32.exe	27
PID 1140 wrote to memory of 1016	1140	rundll32.exe	27
PID 1140 wrote to memory of 1016	1140	rundll32.exe	27
PID 1140 wrote to memory of 1016	1140	rundll32.exe	27

C:\Windows\system32\rundll32.exe
rundll32.exe C:\Users\Admin\AppData\Local\Temp\f33890d303730a217bfb4db60adc720a9b02edca2d8e48ac8a8b39d69348b361.dll,#1
1⤵
- Suspicious use of WriteProcessMemory
PID:1140
- C:\Windows\SysWOW64\rundll32.exe
  rundll32.exe C:\Users\Admin\AppData\Local\Temp\f33890d303730a217bfb4db60adc720a9b02edca2d8e48ac8a8b39d69348b361.dll,#1
  2⤵
  PID:1016

memory/1016-55-0x0000000075F51000-0x0000000075F53000-memory.dmp

Filesize
8KB

Download