13885b89672bdf13207b20edada3dd0b89cf8a5c68551f1a1400d1685398db76

Analysis

max time kernel
40s
max time network
46s
platform
windows7_x64
resource
win7-20220812-en
resource tags

arch:x64arch:x86image:win7-20220812-enlocale:en-usos:windows7-x64system
submitted
01/12/2022, 06:34

Target

13885b89672bdf13207b20edada3dd0b89cf8a5c68551f1a1400d1685398db76.dll
Size

48KB
MD5

9a2dac597e901a9eb37cc6737ee112d0
SHA1

bd79bc146b7e1814c3c7b5db3e5d00916b5f2d27
SHA256

13885b89672bdf13207b20edada3dd0b89cf8a5c68551f1a1400d1685398db76
SHA512

6c3a3bf4690b92b9e600b55b5743451c09f2175707d675ef6302dc3f6323c4e666bb6f1ac4c33eae187f3fa8c66a7afa9f061357c99b53f72f62fb4380b2ce16
SSDEEP

768:upM11BJCnKCwIsaJZeDmkRmqQ+aUFAWglCmhdFBs4yiQuMrw0E7Yu:EoB6K4tJwRmqQxwzGRdvs4fQuM8Su

Score

1^/10

Suspicious use of WriteProcessMemory 7 IoCs

description	pid	Process	procid_target
PID 900 wrote to memory of 1756	900	rundll32.exe	27
PID 900 wrote to memory of 1756	900	rundll32.exe	27
PID 900 wrote to memory of 1756	900	rundll32.exe	27
PID 900 wrote to memory of 1756	900	rundll32.exe	27
PID 900 wrote to memory of 1756	900	rundll32.exe	27
PID 900 wrote to memory of 1756	900	rundll32.exe	27
PID 900 wrote to memory of 1756	900	rundll32.exe	27

C:\Windows\system32\rundll32.exe
rundll32.exe C:\Users\Admin\AppData\Local\Temp\13885b89672bdf13207b20edada3dd0b89cf8a5c68551f1a1400d1685398db76.dll,#1
1⤵
- Suspicious use of WriteProcessMemory
PID:900
- C:\Windows\SysWOW64\rundll32.exe
  rundll32.exe C:\Users\Admin\AppData\Local\Temp\13885b89672bdf13207b20edada3dd0b89cf8a5c68551f1a1400d1685398db76.dll,#1
  2⤵
  PID:1756

memory/1756-55-0x0000000075141000-0x0000000075143000-memory.dmp

Filesize
8KB

Download