61cd17b97fd6b3a817ed914c38c74984df1f069ffc0d145c0e3ee7906225ddbf

Analysis

max time kernel
37s
max time network
41s
platform
windows7_x64
resource
win7-20220812-en
resource tags

arch:x64arch:x86image:win7-20220812-enlocale:en-usos:windows7-x64system
submitted
01/12/2022, 04:00

Target

61cd17b97fd6b3a817ed914c38c74984df1f069ffc0d145c0e3ee7906225ddbf.dll
Size

41KB
MD5

0181875a061e3ad75d6318568de23822
SHA1

5b71177121d3edfe7d24eceedbab9b786d881da2
SHA256

61cd17b97fd6b3a817ed914c38c74984df1f069ffc0d145c0e3ee7906225ddbf
SHA512

2074bd0bbdc1640f27ba0590651fe8c5222133140b9b1faf22d587e8826b391b41dc4e6b9ef5483497c3ca092c1354f59db49d189555270177764447758db141
SSDEEP

768:34lrkBTPdUIuAhVUXy2So9LMx2Eleoe3aiNPIxxn:36rkBTPp1G6oRM4QIhNMd

Score

1^/10

Suspicious behavior: EnumeratesProcesses 1 IoCs

pid	Process
684	rundll32.exe

Suspicious use of WriteProcessMemory 7 IoCs

description	pid	Process	procid_target
PID 1384 wrote to memory of 684	1384	rundll32.exe	27
PID 1384 wrote to memory of 684	1384	rundll32.exe	27
PID 1384 wrote to memory of 684	1384	rundll32.exe	27
PID 1384 wrote to memory of 684	1384	rundll32.exe	27
PID 1384 wrote to memory of 684	1384	rundll32.exe	27
PID 1384 wrote to memory of 684	1384	rundll32.exe	27
PID 1384 wrote to memory of 684	1384	rundll32.exe	27

C:\Windows\system32\rundll32.exe
rundll32.exe C:\Users\Admin\AppData\Local\Temp\61cd17b97fd6b3a817ed914c38c74984df1f069ffc0d145c0e3ee7906225ddbf.dll,#1
1⤵
- Suspicious use of WriteProcessMemory
PID:1384
- C:\Windows\SysWOW64\rundll32.exe
  rundll32.exe C:\Users\Admin\AppData\Local\Temp\61cd17b97fd6b3a817ed914c38c74984df1f069ffc0d145c0e3ee7906225ddbf.dll,#1
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:684

memory/684-55-0x0000000076701000-0x0000000076703000-memory.dmp

Filesize
8KB

Download
memory/684-56-0x0000000000900000-0x00000000009D3000-memory.dmp

Filesize
844KB

Download