7966ef20ebd7dabb3ad283d148737bef67be9135a97521f3eb69fb074bfb3484

Analysis

max time kernel
35s
max time network
45s
platform
windows7_x64
resource
win7-20220812-en
resource tags

arch:x64arch:x86image:win7-20220812-enlocale:en-usos:windows7-x64system
submitted
29-11-2022 06:02

Target

7966ef20ebd7dabb3ad283d148737bef67be9135a97521f3eb69fb074bfb3484.dll
Size

12KB
MD5

c9d18dd97d0d1c95926a9ce3b0830700
SHA1

862e19f86f9e78c94e39005601a0c941b1536e13
SHA256

7966ef20ebd7dabb3ad283d148737bef67be9135a97521f3eb69fb074bfb3484
SHA512

cdd6fbaad049a3f4289784456179d628f4124c6bf431b1eb9a5894fcbc085c878e982c31b2ff9cbb8fbd0dfb19f9a0c57dd2e4353ae7994bfee32790ef121e6a
SSDEEP

192:xeGemJcaCWv79gPmvwaRg8OMoD43KiP305i0Ry8uX0bn9eKohrivW1O:mk5v7WAAMeyKy8uX0bn8Zh+vW1O

Score

4^/10

Drops file in Windows directory 2 IoCs

description	ioc	Process
File created	C:\Windows\comres.dll	rundll32.exe
File opened for modification	C:\Windows\comres.dll	rundll32.exe

Suspicious use of WriteProcessMemory 7 IoCs

description	pid	Process	procid_target
PID 1108 wrote to memory of 1712	1108	rundll32.exe	27
PID 1108 wrote to memory of 1712	1108	rundll32.exe	27
PID 1108 wrote to memory of 1712	1108	rundll32.exe	27
PID 1108 wrote to memory of 1712	1108	rundll32.exe	27
PID 1108 wrote to memory of 1712	1108	rundll32.exe	27
PID 1108 wrote to memory of 1712	1108	rundll32.exe	27
PID 1108 wrote to memory of 1712	1108	rundll32.exe	27

C:\Windows\system32\rundll32.exe
rundll32.exe C:\Users\Admin\AppData\Local\Temp\7966ef20ebd7dabb3ad283d148737bef67be9135a97521f3eb69fb074bfb3484.dll,#1
1⤵
- Suspicious use of WriteProcessMemory
PID:1108
- C:\Windows\SysWOW64\rundll32.exe
  rundll32.exe C:\Users\Admin\AppData\Local\Temp\7966ef20ebd7dabb3ad283d148737bef67be9135a97521f3eb69fb074bfb3484.dll,#1
  2⤵
  - Drops file in Windows directory
  PID:1712

memory/1712-54-0x0000000000000000-mapping.dmp

Download
memory/1712-55-0x0000000075771000-0x0000000075773000-memory.dmp

Filesize
8KB

Download