b16a6cc6a804b9467af86324b0c93f4e537ee52b9d08912e8d3c64abef7b6da9

Analysis

max time kernel
37s
max time network
46s
platform
windows7_x64
resource
win7-20220812-en
resource tags

arch:x64arch:x86image:win7-20220812-enlocale:en-usos:windows7-x64system
submitted
06-11-2022 03:49

Target

b16a6cc6a804b9467af86324b0c93f4e537ee52b9d08912e8d3c64abef7b6da9.dll
Size

72KB
MD5

37d44a02d99176d49f488378aac57490
SHA1

040a147069a43b48caa03c09d5e9874a2ad0886e
SHA256

b16a6cc6a804b9467af86324b0c93f4e537ee52b9d08912e8d3c64abef7b6da9
SHA512

a188cf9eca1f20b0581448a83826ce8ef47d14b5098f71c14a04e2ecfa2013eb01e10723bb8a052bdd6780cd733d51f9c0cec51369321adb66fc28302654af80
SSDEEP

1536:agF0eiyUcbuBo5saaRUVjAfUzfw84o9QoJ8zV0MLUt0:t2yFS3qtAfUzw1S8Z0Mh

Score

1^/10

Suspicious use of WriteProcessMemory 7 IoCs

description	pid	Process	procid_target
PID 2024 wrote to memory of 1956	2024	rundll32.exe	26
PID 2024 wrote to memory of 1956	2024	rundll32.exe	26
PID 2024 wrote to memory of 1956	2024	rundll32.exe	26
PID 2024 wrote to memory of 1956	2024	rundll32.exe	26
PID 2024 wrote to memory of 1956	2024	rundll32.exe	26
PID 2024 wrote to memory of 1956	2024	rundll32.exe	26
PID 2024 wrote to memory of 1956	2024	rundll32.exe	26

C:\Windows\system32\rundll32.exe
rundll32.exe C:\Users\Admin\AppData\Local\Temp\b16a6cc6a804b9467af86324b0c93f4e537ee52b9d08912e8d3c64abef7b6da9.dll,#1
1⤵
- Suspicious use of WriteProcessMemory
PID:2024
- C:\Windows\SysWOW64\rundll32.exe
  rundll32.exe C:\Users\Admin\AppData\Local\Temp\b16a6cc6a804b9467af86324b0c93f4e537ee52b9d08912e8d3c64abef7b6da9.dll,#1
  2⤵
  PID:1956

memory/1956-55-0x0000000075F81000-0x0000000075F83000-memory.dmp

Filesize
8KB

Download