b8f7a2bb965a6613044d4eecc7a29e1363abe449f9cc6ea72dd693aef0d70e78

Analysis

max time kernel
35s
max time network
42s
platform
windows7_x64
resource
win7-20220812-en
resource tags

arch:x64arch:x86image:win7-20220812-enlocale:en-usos:windows7-x64system
submitted
29-11-2022 14:53

Target

b8f7a2bb965a6613044d4eecc7a29e1363abe449f9cc6ea72dd693aef0d70e78.dll
Size

204KB
MD5

6857fc4e02affd1c8af5fa96e44998fa
SHA1

2fd502f09a9dad4b9c6081c31a6193352b1565ac
SHA256

b8f7a2bb965a6613044d4eecc7a29e1363abe449f9cc6ea72dd693aef0d70e78
SHA512

124525a2e2ffd4af1048e49944bd2ee29bcb516449290f37869c92461e315c54e1c2000e36ba259141694b8dc63cbe6f3118df52eb7e720d0786353e0e8fab56
SSDEEP

3072:Yjtd7h3KIm6lzxxiCVKUGN247mYBVc/iDoAEOfztM1he+s9te4+z:YFi8BYYEIhLvz

Score

1^/10

Suspicious use of WriteProcessMemory 7 IoCs

description	pid	Process	procid_target
PID 1672 wrote to memory of 1644	1672	rundll32.exe	27
PID 1672 wrote to memory of 1644	1672	rundll32.exe	27
PID 1672 wrote to memory of 1644	1672	rundll32.exe	27
PID 1672 wrote to memory of 1644	1672	rundll32.exe	27
PID 1672 wrote to memory of 1644	1672	rundll32.exe	27
PID 1672 wrote to memory of 1644	1672	rundll32.exe	27
PID 1672 wrote to memory of 1644	1672	rundll32.exe	27

C:\Windows\system32\rundll32.exe
rundll32.exe C:\Users\Admin\AppData\Local\Temp\b8f7a2bb965a6613044d4eecc7a29e1363abe449f9cc6ea72dd693aef0d70e78.dll,#1
1⤵
- Suspicious use of WriteProcessMemory
PID:1672
- C:\Windows\SysWOW64\rundll32.exe
  rundll32.exe C:\Users\Admin\AppData\Local\Temp\b8f7a2bb965a6613044d4eecc7a29e1363abe449f9cc6ea72dd693aef0d70e78.dll,#1
  2⤵
  PID:1644

memory/1644-55-0x0000000075BD1000-0x0000000075BD3000-memory.dmp

Filesize
8KB

Download