bf94468e769ab782b5fef829a5dc2d3aba869dfb0943df72ee2ef98f421f86a1

Analysis

max time kernel
47s
max time network
51s
platform
windows7_x64
resource
win7-20220901-en
resource tags

arch:x64arch:x86image:win7-20220901-enlocale:en-usos:windows7-x64system
submitted
06/11/2022, 13:32

Target

bf94468e769ab782b5fef829a5dc2d3aba869dfb0943df72ee2ef98f421f86a1.dll
Size

64KB
MD5

066ccb9ecdd4dca4055f61198124911a
SHA1

cfe7157d6be8edb2d8c35ef7d25d1b918a25f1a9
SHA256

bf94468e769ab782b5fef829a5dc2d3aba869dfb0943df72ee2ef98f421f86a1
SHA512

7a312c007253c75f9ace895dc36696551e0d3a0648350c0d385359830ee40f27011c4e995af70763d4291f9b3a9a537f7f34f156bc22fe25eda5ee2efc710320
SSDEEP

1536:n2NNyGkHjkDzELuOtoNKthhT/xFmVdq8X3IhdRuMZtkm/:nuAGWIz8oNKhT/xM1XWjuMZx/

Score

1^/10

Suspicious use of WriteProcessMemory 7 IoCs

description	pid	Process	procid_target
PID 1724 wrote to memory of 1128	1724	rundll32.exe	27
PID 1724 wrote to memory of 1128	1724	rundll32.exe	27
PID 1724 wrote to memory of 1128	1724	rundll32.exe	27
PID 1724 wrote to memory of 1128	1724	rundll32.exe	27
PID 1724 wrote to memory of 1128	1724	rundll32.exe	27
PID 1724 wrote to memory of 1128	1724	rundll32.exe	27
PID 1724 wrote to memory of 1128	1724	rundll32.exe	27

C:\Windows\system32\rundll32.exe
rundll32.exe C:\Users\Admin\AppData\Local\Temp\bf94468e769ab782b5fef829a5dc2d3aba869dfb0943df72ee2ef98f421f86a1.dll,#1
1⤵
- Suspicious use of WriteProcessMemory
PID:1724
- C:\Windows\SysWOW64\rundll32.exe
  rundll32.exe C:\Users\Admin\AppData\Local\Temp\bf94468e769ab782b5fef829a5dc2d3aba869dfb0943df72ee2ef98f421f86a1.dll,#1
  2⤵
  PID:1128

memory/1128-55-0x0000000074DC1000-0x0000000074DC3000-memory.dmp

Filesize
8KB

Download
memory/1128-56-0x0000000010000000-0x000000001000E000-memory.dmp

Filesize
56KB

Download
memory/1128-57-0x0000000010000000-0x000000001000E000-memory.dmp

Filesize
56KB

Download
memory/1128-58-0x0000000010000000-0x000000001000E000-memory.dmp

Filesize
56KB

Download