39b61133df8fafd879891bfee7a12430f40e32879591c685c4c892f640d59b6e

Analysis

max time kernel
42s
max time network
46s
platform
windows7_x64
resource
win7-20220812-en
resource tags

arch:x64arch:x86image:win7-20220812-enlocale:en-usos:windows7-x64system
submitted
07/11/2022, 04:55

Target

39b61133df8fafd879891bfee7a12430f40e32879591c685c4c892f640d59b6e.dll
Size

66KB
MD5

173dd4f92be42ce9fffa0dee42d3b9c0
SHA1

36d7875ba278bb647ba3cf440db92862f6c8a2dc
SHA256

39b61133df8fafd879891bfee7a12430f40e32879591c685c4c892f640d59b6e
SHA512

6946a93b72f7cb610c0e338fd5450b3414dc70d1e637bee7d0936b88c8a62d9086e58e7351f7504a3ecb803114f71b2c2842881720f4bd28d36e38702765cd3f
SSDEEP

1536:Bm1NGJVGbhneK9acsG7yktAQIqsO8SzPKObB+CBu/TQwaJGcaD/Vv:kX0VMneK9ac1eWAQJD7ufCMUwEGcaD/h

Score

1^/10

Suspicious use of WriteProcessMemory 7 IoCs

description	pid	Process	procid_target
PID 1896 wrote to memory of 2044	1896	rundll32.exe	27
PID 1896 wrote to memory of 2044	1896	rundll32.exe	27
PID 1896 wrote to memory of 2044	1896	rundll32.exe	27
PID 1896 wrote to memory of 2044	1896	rundll32.exe	27
PID 1896 wrote to memory of 2044	1896	rundll32.exe	27
PID 1896 wrote to memory of 2044	1896	rundll32.exe	27
PID 1896 wrote to memory of 2044	1896	rundll32.exe	27

C:\Windows\system32\rundll32.exe
rundll32.exe C:\Users\Admin\AppData\Local\Temp\39b61133df8fafd879891bfee7a12430f40e32879591c685c4c892f640d59b6e.dll,#1
1⤵
- Suspicious use of WriteProcessMemory
PID:1896
- C:\Windows\SysWOW64\rundll32.exe
  rundll32.exe C:\Users\Admin\AppData\Local\Temp\39b61133df8fafd879891bfee7a12430f40e32879591c685c4c892f640d59b6e.dll,#1
  2⤵
  PID:2044

memory/2044-55-0x0000000075201000-0x0000000075203000-memory.dmp

Filesize
8KB

Download