9121edc4847ae58a82a78b084ed629d6ec7075c1db556c93cba5b0ee760ce80a

Analysis

max time kernel
38s
max time network
33s
platform
windows7_x64
resource
win7-20221111-en
resource tags

arch:x64arch:x86image:win7-20221111-enlocale:en-usos:windows7-x64system
submitted
29/11/2022, 04:48

Target

9121edc4847ae58a82a78b084ed629d6ec7075c1db556c93cba5b0ee760ce80a.dll
Size

6KB
MD5

4318cdea10cb1d66935e36b97119de30
SHA1

fec9421c61324cb55a0a8bf7f69a2c49d5fcbcb5
SHA256

9121edc4847ae58a82a78b084ed629d6ec7075c1db556c93cba5b0ee760ce80a
SHA512

7021ddcf29337266f38994bd3c4778dc23ac888fac2389866b3f729add5cf023c7ed8940e1b2a1978c7236f6e3625694302ec87a1e88a309dfda6a12da2618dd
SSDEEP

192:/x0lAsneCKAaCX1GXTjqLHB5H3E9THRDdHHJmGHS:/xCTneCKAaCX1GXaLHB5H3E9TH9dHHJO

Score

1^/10

Suspicious use of WriteProcessMemory 7 IoCs

description	pid	Process	procid_target
PID 2036 wrote to memory of 1032	2036	rundll32.exe	28
PID 2036 wrote to memory of 1032	2036	rundll32.exe	28
PID 2036 wrote to memory of 1032	2036	rundll32.exe	28
PID 2036 wrote to memory of 1032	2036	rundll32.exe	28
PID 2036 wrote to memory of 1032	2036	rundll32.exe	28
PID 2036 wrote to memory of 1032	2036	rundll32.exe	28
PID 2036 wrote to memory of 1032	2036	rundll32.exe	28

C:\Windows\system32\rundll32.exe
rundll32.exe C:\Users\Admin\AppData\Local\Temp\9121edc4847ae58a82a78b084ed629d6ec7075c1db556c93cba5b0ee760ce80a.dll,#1
1⤵
- Suspicious use of WriteProcessMemory
PID:2036
- C:\Windows\SysWOW64\rundll32.exe
  rundll32.exe C:\Users\Admin\AppData\Local\Temp\9121edc4847ae58a82a78b084ed629d6ec7075c1db556c93cba5b0ee760ce80a.dll,#1
  2⤵
  PID:1032

memory/1032-55-0x0000000076411000-0x0000000076413000-memory.dmp

Filesize
8KB

Download