40105b617bb5136b42f43fda4280926dbae85256c3d821772f66eaec4b17bb60

Analysis

max time kernel
34s
max time network
45s
platform
windows7_x64
resource
win7-20220812-en
resource tags

arch:x64arch:x86image:win7-20220812-enlocale:en-usos:windows7-x64system
submitted
29/11/2022, 05:32

Target

40105b617bb5136b42f43fda4280926dbae85256c3d821772f66eaec4b17bb60.dll
Size

6KB
MD5

fc6c33692b3b0ab02d12fae8d1277420
SHA1

4da08a8d33cdf9c3a4461e233e8ab6a996681b31
SHA256

40105b617bb5136b42f43fda4280926dbae85256c3d821772f66eaec4b17bb60
SHA512

e8ab369e90d5eb1ff770fd7309355b49a659b4851103c2bdfc984b433440916c515c04c7a835b9cd3269bc4bd70bf7693b21335a12533b6f209ca4d24eeb959b
SSDEEP

96:juNrYuJ59oAwGQUI/TQahtCl8X3pSHnmnD78G/ak6r:juLJ/oAdQPQa2aeng7Xjq

Score

1^/10

Suspicious use of WriteProcessMemory 7 IoCs

description	pid	Process	procid_target
PID 1076 wrote to memory of 2044	1076	rundll32.exe	26
PID 1076 wrote to memory of 2044	1076	rundll32.exe	26
PID 1076 wrote to memory of 2044	1076	rundll32.exe	26
PID 1076 wrote to memory of 2044	1076	rundll32.exe	26
PID 1076 wrote to memory of 2044	1076	rundll32.exe	26
PID 1076 wrote to memory of 2044	1076	rundll32.exe	26
PID 1076 wrote to memory of 2044	1076	rundll32.exe	26

C:\Windows\system32\rundll32.exe
rundll32.exe C:\Users\Admin\AppData\Local\Temp\40105b617bb5136b42f43fda4280926dbae85256c3d821772f66eaec4b17bb60.dll,#1
1⤵
- Suspicious use of WriteProcessMemory
PID:1076
- C:\Windows\SysWOW64\rundll32.exe
  rundll32.exe C:\Users\Admin\AppData\Local\Temp\40105b617bb5136b42f43fda4280926dbae85256c3d821772f66eaec4b17bb60.dll,#1
  2⤵
  PID:2044

memory/2044-55-0x0000000076681000-0x0000000076683000-memory.dmp

Filesize
8KB

Download