b0bb3537e4ec801816c5cc782bf6fab763df705011ed96d1b796e16fdeaf3bae

Analysis

max time kernel
41s
max time network
47s
platform
windows7_x64
resource
win7-20220901-en
resource tags

arch:x64arch:x86image:win7-20220901-enlocale:en-usos:windows7-x64system
submitted
07/11/2022, 11:05

Target

b0bb3537e4ec801816c5cc782bf6fab763df705011ed96d1b796e16fdeaf3bae.dll
Size

200KB
MD5

04a9defdf29573f20c020107ea4e8940
SHA1

5921dbac87ce01117b142b72e5aebb05ba11a6a8
SHA256

b0bb3537e4ec801816c5cc782bf6fab763df705011ed96d1b796e16fdeaf3bae
SHA512

0db3e5813f76fa53fe7be4bfc1da327c02441c018858a392233d5d49c20dc6960fe442f68448afdbe3269e8f33268b3193b7a7e91ba5021737caea53d9abd2e5
SSDEEP

3072:pGn7hZpPr/R6OtRaTW5ZmohWqAixvfGSRfU7:pGnFZpj/vtR2+5WqAAfD5

Score

1^/10

Suspicious use of WriteProcessMemory 7 IoCs

description	pid	Process	procid_target
PID 1768 wrote to memory of 1284	1768	rundll32.exe	27
PID 1768 wrote to memory of 1284	1768	rundll32.exe	27
PID 1768 wrote to memory of 1284	1768	rundll32.exe	27
PID 1768 wrote to memory of 1284	1768	rundll32.exe	27
PID 1768 wrote to memory of 1284	1768	rundll32.exe	27
PID 1768 wrote to memory of 1284	1768	rundll32.exe	27
PID 1768 wrote to memory of 1284	1768	rundll32.exe	27

C:\Windows\system32\rundll32.exe
rundll32.exe C:\Users\Admin\AppData\Local\Temp\b0bb3537e4ec801816c5cc782bf6fab763df705011ed96d1b796e16fdeaf3bae.dll,#1
1⤵
- Suspicious use of WriteProcessMemory
PID:1768
- C:\Windows\SysWOW64\rundll32.exe
  rundll32.exe C:\Users\Admin\AppData\Local\Temp\b0bb3537e4ec801816c5cc782bf6fab763df705011ed96d1b796e16fdeaf3bae.dll,#1
  2⤵
  PID:1284

memory/1284-55-0x0000000075931000-0x0000000075933000-memory.dmp

Filesize
8KB

Download