b3ffd0fdef2b815a92a81be12cf68f5aaa5ff8fd14552924b0babcfe5528dd4f

Analysis

max time kernel
44s
max time network
49s
platform
windows7_x64
resource
win7-20220901-en
resource tags

arch:x64arch:x86image:win7-20220901-enlocale:en-usos:windows7-x64system
submitted
29/11/2022, 05:24

Target

b3ffd0fdef2b815a92a81be12cf68f5aaa5ff8fd14552924b0babcfe5528dd4f.dll
Size

30KB
MD5

d873ae66a13bfd41b5044f2401c589f0
SHA1

f3d032bd5572adce061872dec7b12d711cbe4acb
SHA256

b3ffd0fdef2b815a92a81be12cf68f5aaa5ff8fd14552924b0babcfe5528dd4f
SHA512

0ce241772c7a6a8a7a32456c246e314f32e5d418c3ab59a4497ee68efe03d07979dda435344a0057013372ff13c5219b84e4e49be08443ea68c8ba5aaec3600c
SSDEEP

96:DBxUt5T0t/4bmkmKUk+NIlXadkvNOm4YDfnJZoMMMMMMMMMMMMMXMMMMMMMMMMMl:VRRQmkmHk+NIlKa1O0xMtMNwbHEcvT

Score

1^/10

Suspicious use of WriteProcessMemory 7 IoCs

description	pid	Process	procid_target
PID 1600 wrote to memory of 1812	1600	rundll32.exe	27
PID 1600 wrote to memory of 1812	1600	rundll32.exe	27
PID 1600 wrote to memory of 1812	1600	rundll32.exe	27
PID 1600 wrote to memory of 1812	1600	rundll32.exe	27
PID 1600 wrote to memory of 1812	1600	rundll32.exe	27
PID 1600 wrote to memory of 1812	1600	rundll32.exe	27
PID 1600 wrote to memory of 1812	1600	rundll32.exe	27

C:\Windows\system32\rundll32.exe
rundll32.exe C:\Users\Admin\AppData\Local\Temp\b3ffd0fdef2b815a92a81be12cf68f5aaa5ff8fd14552924b0babcfe5528dd4f.dll,#1
1⤵
- Suspicious use of WriteProcessMemory
PID:1600
- C:\Windows\SysWOW64\rundll32.exe
  rundll32.exe C:\Users\Admin\AppData\Local\Temp\b3ffd0fdef2b815a92a81be12cf68f5aaa5ff8fd14552924b0babcfe5528dd4f.dll,#1
  2⤵
  PID:1812

memory/1812-55-0x0000000076461000-0x0000000076463000-memory.dmp

Filesize
8KB

Download