661a343a8854a25ac85ee6a9a096cdf2fb2348ef6bb2ac84f25c4c3bdcb9b758

Analysis

max time kernel
40s
max time network
53s
platform
windows7_x64
resource
win7-20220901-en
resource tags

arch:x64arch:x86image:win7-20220901-enlocale:en-usos:windows7-x64system
submitted
29/11/2022, 05:48

Target

661a343a8854a25ac85ee6a9a096cdf2fb2348ef6bb2ac84f25c4c3bdcb9b758.dll
Size

6KB
MD5

e37a5b9da01f83af56306e32c48c0290
SHA1

b75e3023818b2ec8cc248e825c8b965dac5d3222
SHA256

661a343a8854a25ac85ee6a9a096cdf2fb2348ef6bb2ac84f25c4c3bdcb9b758
SHA512

8c199059202eb593a7084b74b60673c2511a01c9853afd9440398156ea71005b3ea958fccb1bf9679285052a8389776d1c81b6c0ab12c620cd7282ebcbc76ded
SSDEEP

48:iMIVmn8jWldIcGhFNYEArhWnR0bv1tiIsiAhv13lX3mHA2SuiS6oOgNit5NNq:PIV9yIjhsZrg0j6I/AhWNit5NNq

Score

1^/10

Suspicious use of WriteProcessMemory 7 IoCs

description	pid	Process	procid_target
PID 988 wrote to memory of 1716	988	rundll32.exe	27
PID 988 wrote to memory of 1716	988	rundll32.exe	27
PID 988 wrote to memory of 1716	988	rundll32.exe	27
PID 988 wrote to memory of 1716	988	rundll32.exe	27
PID 988 wrote to memory of 1716	988	rundll32.exe	27
PID 988 wrote to memory of 1716	988	rundll32.exe	27
PID 988 wrote to memory of 1716	988	rundll32.exe	27

C:\Windows\system32\rundll32.exe
rundll32.exe C:\Users\Admin\AppData\Local\Temp\661a343a8854a25ac85ee6a9a096cdf2fb2348ef6bb2ac84f25c4c3bdcb9b758.dll,#1
1⤵
- Suspicious use of WriteProcessMemory
PID:988
- C:\Windows\SysWOW64\rundll32.exe
  rundll32.exe C:\Users\Admin\AppData\Local\Temp\661a343a8854a25ac85ee6a9a096cdf2fb2348ef6bb2ac84f25c4c3bdcb9b758.dll,#1
  2⤵
  PID:1716

memory/1716-55-0x0000000076961000-0x0000000076963000-memory.dmp

Filesize
8KB

Download