66183972891ab1e271d8f5bb9b1678c682a71c486ee63c6d39daa764b646d3d3

Analysis

max time kernel
42s
max time network
46s
platform
windows7_x64
resource
win7-20220901-en
resource tags

arch:x64arch:x86image:win7-20220901-enlocale:en-usos:windows7-x64system
submitted
23-11-2022 17:00

Target

201408282238374348/װԶǹ/BackInDll.dll
Size

76KB
MD5

0cc852f53a7f305edf14fc72a444fc48
SHA1

85c0bcb24032a8e71e5625076081efca1181db3f
SHA256

28c385b33f680c435dcd3c2db6254df9f40ea01b2090f5de39a0ef47a9c26fd2
SHA512

73b244f52e024410e3160b8bc949b0af1ce1722678e328f1d2180a7089d15ce305539a5b307ee6ef5fe4c7edca65b8071205206a728b6aafbf7bd5b2ce384771
SSDEEP

768:Ru6nHzI2coccO31eS/cT5QVEmcJnRENvY2y4mAQ/1gDhdB/JYtPm5o9qJ6QzPy:f/ZVW1eS/cT5QVyufmAk1YHYtAohQby

Score

1^/10

Suspicious use of WriteProcessMemory 7 IoCs

Processes:

rundll32.exe

description	pid	process	target process
PID 1632 wrote to memory of 1260	1632	rundll32.exe	rundll32.exe
PID 1632 wrote to memory of 1260	1632	rundll32.exe	rundll32.exe
PID 1632 wrote to memory of 1260	1632	rundll32.exe	rundll32.exe
PID 1632 wrote to memory of 1260	1632	rundll32.exe	rundll32.exe
PID 1632 wrote to memory of 1260	1632	rundll32.exe	rundll32.exe
PID 1632 wrote to memory of 1260	1632	rundll32.exe	rundll32.exe
PID 1632 wrote to memory of 1260	1632	rundll32.exe	rundll32.exe

C:\Windows\system32\rundll32.exe
rundll32.exe C:\Users\Admin\AppData\Local\Temp\201408282238374348\װԶǹ\BackInDll.dll,#1
1⤵
- Suspicious use of WriteProcessMemory
PID:1632

C:\Windows\SysWOW64\rundll32.exe
rundll32.exe C:\Users\Admin\AppData\Local\Temp\201408282238374348\װԶǹ\BackInDll.dll,#1
2⤵
PID:1260

memory/1260-54-0x0000000000000000-mapping.dmp

Download
memory/1260-55-0x0000000076BA1000-0x0000000076BA3000-memory.dmp

Filesize
8KB

Download