39fc6a72a55d03a37fa052943b850c9d7df0b5e499f914d427b3747d7a72053b

Analysis

max time kernel
42s
max time network
45s
platform
windows7_x64
resource
win7-20220812-en
resource tags

arch:x64arch:x86image:win7-20220812-enlocale:en-usos:windows7-x64system
submitted
07/11/2022, 18:45

Target

39fc6a72a55d03a37fa052943b850c9d7df0b5e499f914d427b3747d7a72053b.dll
Size

101KB
MD5

0827e223b2e11e2472f97e330d3600f4
SHA1

1b00bb6427009084893ea1c585a1f133041331df
SHA256

39fc6a72a55d03a37fa052943b850c9d7df0b5e499f914d427b3747d7a72053b
SHA512

ab16c0fa4da6f16cb2e1292ae518cc619ae3641a22c16330483296ee3d5641d416c7eba93bc5d36f758500ca45960c30192353666452934384afd48c63a6c1ca
SSDEEP

3072:Zfi3b8enD3pAbAf6tAqum6Uf2CjDHRqw31zfdkoLI:Zfi3bZD3p56+mlf2MDxqWFfddU

Score

1^/10

Suspicious use of WriteProcessMemory 7 IoCs

description	pid	Process	procid_target
PID 864 wrote to memory of 1076	864	rundll32.exe	27
PID 864 wrote to memory of 1076	864	rundll32.exe	27
PID 864 wrote to memory of 1076	864	rundll32.exe	27
PID 864 wrote to memory of 1076	864	rundll32.exe	27
PID 864 wrote to memory of 1076	864	rundll32.exe	27
PID 864 wrote to memory of 1076	864	rundll32.exe	27
PID 864 wrote to memory of 1076	864	rundll32.exe	27

C:\Windows\system32\rundll32.exe
rundll32.exe C:\Users\Admin\AppData\Local\Temp\39fc6a72a55d03a37fa052943b850c9d7df0b5e499f914d427b3747d7a72053b.dll,#1
1⤵
- Suspicious use of WriteProcessMemory
PID:864
- C:\Windows\SysWOW64\rundll32.exe
  rundll32.exe C:\Users\Admin\AppData\Local\Temp\39fc6a72a55d03a37fa052943b850c9d7df0b5e499f914d427b3747d7a72053b.dll,#1
  2⤵
  PID:1076

memory/1076-55-0x0000000075141000-0x0000000075143000-memory.dmp

Filesize
8KB

Download