c1ba8d3f57e59e8bcda6c57151950d33efe3cc377ecca7f8144126344f1208ba

Analysis

max time kernel
39s
max time network
34s
platform
windows7_x64
resource
win7-20221111-en
resource tags

arch:x64arch:x86image:win7-20221111-enlocale:en-usos:windows7-x64system
submitted
29/11/2022, 11:19

Target

c1ba8d3f57e59e8bcda6c57151950d33efe3cc377ecca7f8144126344f1208ba.dll
Size

11KB
MD5

2c6c6c0e0673e939a223a98e7bdf9290
SHA1

c7fe82c408bbecb40d9e64f9ea8314d0684c8d14
SHA256

c1ba8d3f57e59e8bcda6c57151950d33efe3cc377ecca7f8144126344f1208ba
SHA512

4a9d163ed4275640e9d5591971c0b65f19d89145574797777d513d82c8254209999946c2b9c186d0d91041ed018e70de5d164add9a31d09934917941128fe2aa
SSDEEP

192:IujhH6Wv5V6UhLwzN8IDbUclXomL5l9V/aFYbrXbzDRRYimgvbeE/jehXW4WT:XjhpyvzWzclXo2l9MgvzRmgzeE/je1Wp

Score

1^/10

Suspicious use of WriteProcessMemory 7 IoCs

description	pid	Process	procid_target
PID 1332 wrote to memory of 1108	1332	rundll32.exe	28
PID 1332 wrote to memory of 1108	1332	rundll32.exe	28
PID 1332 wrote to memory of 1108	1332	rundll32.exe	28
PID 1332 wrote to memory of 1108	1332	rundll32.exe	28
PID 1332 wrote to memory of 1108	1332	rundll32.exe	28
PID 1332 wrote to memory of 1108	1332	rundll32.exe	28
PID 1332 wrote to memory of 1108	1332	rundll32.exe	28

C:\Windows\system32\rundll32.exe
rundll32.exe C:\Users\Admin\AppData\Local\Temp\c1ba8d3f57e59e8bcda6c57151950d33efe3cc377ecca7f8144126344f1208ba.dll,#1
1⤵
- Suspicious use of WriteProcessMemory
PID:1332
- C:\Windows\SysWOW64\rundll32.exe
  rundll32.exe C:\Users\Admin\AppData\Local\Temp\c1ba8d3f57e59e8bcda6c57151950d33efe3cc377ecca7f8144126344f1208ba.dll,#1
  2⤵
  PID:1108

memory/1108-55-0x0000000074FD1000-0x0000000074FD3000-memory.dmp

Filesize
8KB

Download