864a31be01da9a9222efa3a9b701d8b5e99d5cd9cc6102f5b68ff119206bfa0c

Analysis

max time kernel
43s
max time network
46s
platform
windows7_x64
resource
win7-20220812-en
resource tags

arch:x64arch:x86image:win7-20220812-enlocale:en-usos:windows7-x64system
submitted
29/11/2022, 06:25

Target

864a31be01da9a9222efa3a9b701d8b5e99d5cd9cc6102f5b68ff119206bfa0c.dll
Size

64KB
MD5

f3a7aabd0129c9ddbf33691c5e70f38f
SHA1

46bfb9b09eaabbde23bfc736d42c96a1d1c1bc39
SHA256

864a31be01da9a9222efa3a9b701d8b5e99d5cd9cc6102f5b68ff119206bfa0c
SHA512

4e590bda8532f2c1d11c3a92d8323038fbfda16789c08f1bee7c053212ca668d1d9a61389a399d624f7fdbeed1f61494907bd98ca90df04f80c98d762c8917e0
SSDEEP

1536:MhBRVgrExucMIpGcCA7hJJjuL1sE6ijAY:cRRsyGcf7Zj4h5AY

Score

1^/10

Suspicious use of WriteProcessMemory 7 IoCs

description	pid	Process	procid_target
PID 1336 wrote to memory of 1176	1336	rundll32.exe	27
PID 1336 wrote to memory of 1176	1336	rundll32.exe	27
PID 1336 wrote to memory of 1176	1336	rundll32.exe	27
PID 1336 wrote to memory of 1176	1336	rundll32.exe	27
PID 1336 wrote to memory of 1176	1336	rundll32.exe	27
PID 1336 wrote to memory of 1176	1336	rundll32.exe	27
PID 1336 wrote to memory of 1176	1336	rundll32.exe	27

C:\Windows\system32\rundll32.exe
rundll32.exe C:\Users\Admin\AppData\Local\Temp\864a31be01da9a9222efa3a9b701d8b5e99d5cd9cc6102f5b68ff119206bfa0c.dll,#1
1⤵
- Suspicious use of WriteProcessMemory
PID:1336
- C:\Windows\SysWOW64\rundll32.exe
  rundll32.exe C:\Users\Admin\AppData\Local\Temp\864a31be01da9a9222efa3a9b701d8b5e99d5cd9cc6102f5b68ff119206bfa0c.dll,#1
  2⤵
  PID:1176

memory/1176-55-0x00000000762D1000-0x00000000762D3000-memory.dmp

Filesize
8KB

Download