31d99f567c43ee0c26a394de178571e8fc64c4ffb92e1692c25cf08ce8e2445a

Analysis

max time kernel
44s
max time network
49s
platform
windows7_x64
resource
win7-20220901-en
resource tags

arch:x64arch:x86image:win7-20220901-enlocale:en-usos:windows7-x64system
submitted
01-12-2022 05:17

Target

31d99f567c43ee0c26a394de178571e8fc64c4ffb92e1692c25cf08ce8e2445a.dll
Size

64KB
MD5

31dee6d5d2af6a1c5908de853ea2a130
SHA1

03426f14ffd948a2290f274279541215e364e7a8
SHA256

31d99f567c43ee0c26a394de178571e8fc64c4ffb92e1692c25cf08ce8e2445a
SHA512

39ed588d9e33929866a687122692b892408e80f47d5e1ec4cfcb3a7683655d51889a1a16cc2c3e57152b2b43e88aeda874c1ca383a276141b6502dd02eeac746
SSDEEP

768:Re+khqTXnhKftGtsVH/mNAVLGQGxb/A7L3nSS/Ia/oFXqUWuu7KYWvk:zvTXnhKAtsheNAVLGQMTkQcUvY6k

Score

1^/10

Suspicious use of WriteProcessMemory 7 IoCs

description	pid	Process	procid_target
PID 1104 wrote to memory of 1744	1104	rundll32.exe	27
PID 1104 wrote to memory of 1744	1104	rundll32.exe	27
PID 1104 wrote to memory of 1744	1104	rundll32.exe	27
PID 1104 wrote to memory of 1744	1104	rundll32.exe	27
PID 1104 wrote to memory of 1744	1104	rundll32.exe	27
PID 1104 wrote to memory of 1744	1104	rundll32.exe	27
PID 1104 wrote to memory of 1744	1104	rundll32.exe	27

C:\Windows\system32\rundll32.exe
rundll32.exe C:\Users\Admin\AppData\Local\Temp\31d99f567c43ee0c26a394de178571e8fc64c4ffb92e1692c25cf08ce8e2445a.dll,#1
1⤵
- Suspicious use of WriteProcessMemory
PID:1104
- C:\Windows\SysWOW64\rundll32.exe
  rundll32.exe C:\Users\Admin\AppData\Local\Temp\31d99f567c43ee0c26a394de178571e8fc64c4ffb92e1692c25cf08ce8e2445a.dll,#1
  2⤵
  PID:1744

memory/1744-55-0x0000000075BB1000-0x0000000075BB3000-memory.dmp

Filesize
8KB

Download