8336aba930bcbb71ae59fafc99fab92ab299e9f9b660e647e98fb0f21d40d77b

Analysis

max time kernel
31s
max time network
45s
platform
windows7_x64
resource
win7-20220812-en
resource tags

arch:x64arch:x86image:win7-20220812-enlocale:en-usos:windows7-x64system
submitted
29/11/2022, 06:47

Target

8336aba930bcbb71ae59fafc99fab92ab299e9f9b660e647e98fb0f21d40d77b.dll
Size

970KB
MD5

79a9ef7569aa33ae854c698c808ac276
SHA1

287755d6bf283cc87948273099bafbe4cda65905
SHA256

8336aba930bcbb71ae59fafc99fab92ab299e9f9b660e647e98fb0f21d40d77b
SHA512

67fa819de5e45ea3259d4decbcd24ad7d01e534e050c7337207d967c4ce9084594208ec57338a311f6f40b56bdff7fc9eefa5e7c2ba442e0bad35a6b23477000
SSDEEP

24576:ufaTEJ5ySPf3WjZkGM2F2YBMh+vL+l5iUqsiKyTl9:OFPyu3GD2uMhWL+l5iMi3

Score

1^/10

Suspicious use of WriteProcessMemory 7 IoCs

description	pid	Process	procid_target
PID 1044 wrote to memory of 1032	1044	rundll32.exe	27
PID 1044 wrote to memory of 1032	1044	rundll32.exe	27
PID 1044 wrote to memory of 1032	1044	rundll32.exe	27
PID 1044 wrote to memory of 1032	1044	rundll32.exe	27
PID 1044 wrote to memory of 1032	1044	rundll32.exe	27
PID 1044 wrote to memory of 1032	1044	rundll32.exe	27
PID 1044 wrote to memory of 1032	1044	rundll32.exe	27

C:\Windows\system32\rundll32.exe
rundll32.exe C:\Users\Admin\AppData\Local\Temp\8336aba930bcbb71ae59fafc99fab92ab299e9f9b660e647e98fb0f21d40d77b.dll,#1
1⤵
- Suspicious use of WriteProcessMemory
PID:1044
- C:\Windows\SysWOW64\rundll32.exe
  rundll32.exe C:\Users\Admin\AppData\Local\Temp\8336aba930bcbb71ae59fafc99fab92ab299e9f9b660e647e98fb0f21d40d77b.dll,#1
  2⤵
  PID:1032

memory/1032-55-0x0000000075601000-0x0000000075603000-memory.dmp

Filesize
8KB

Download
memory/1032-56-0x0000000002010000-0x0000000002315000-memory.dmp

Filesize
3.0MB

Download
memory/1032-57-0x0000000002010000-0x0000000002315000-memory.dmp

Filesize
3.0MB

Download
memory/1032-58-0x0000000000B13000-0x0000000000B17000-memory.dmp

Filesize
16KB

Download