9c135d2f8f64fe1ed99baaa8c1543d776d89dca209bb2389ae0184c767495d34

Analysis

max time kernel
38s
max time network
46s
platform
windows7_x64
resource
win7-20220812-en
resource tags

arch:x64arch:x86image:win7-20220812-enlocale:en-usos:windows7-x64system
submitted
01/12/2022, 08:58

Target

9c135d2f8f64fe1ed99baaa8c1543d776d89dca209bb2389ae0184c767495d34.dll
Size

270KB
MD5

03fed6711fff1ea2b61d69ed96810310
SHA1

4b2f03079455ba7e1d88bf20339450b78c719023
SHA256

9c135d2f8f64fe1ed99baaa8c1543d776d89dca209bb2389ae0184c767495d34
SHA512

a1d6878fb3c84b14143e42bc9c2452689d026f47a3b07beb580a39413a37f40a68ab9f5cb086fcbb0f4cf7733ab0e5c73a31ec37cce69a11deaa0933eaf0318e
SSDEEP

6144:l3zkKwiJaKY9wmgKkV9NtaolEY092oZVQMn9iR12zkmpRQzy:l3qiJanKKY9Wog2az8R1ktpY

Score

1^/10

Suspicious use of WriteProcessMemory 11 IoCs

description	pid	Process	procid_target
PID 1460 wrote to memory of 1900	1460	rundll32.exe	28
PID 1460 wrote to memory of 1900	1460	rundll32.exe	28
PID 1460 wrote to memory of 1900	1460	rundll32.exe	28
PID 1460 wrote to memory of 1900	1460	rundll32.exe	28
PID 1460 wrote to memory of 1900	1460	rundll32.exe	28
PID 1460 wrote to memory of 1900	1460	rundll32.exe	28
PID 1460 wrote to memory of 1900	1460	rundll32.exe	28
PID 1900 wrote to memory of 1120	1900	rundll32.exe	29
PID 1900 wrote to memory of 1120	1900	rundll32.exe	29
PID 1900 wrote to memory of 1120	1900	rundll32.exe	29
PID 1900 wrote to memory of 1120	1900	rundll32.exe	29

C:\Windows\system32\rundll32.exe
rundll32.exe C:\Users\Admin\AppData\Local\Temp\9c135d2f8f64fe1ed99baaa8c1543d776d89dca209bb2389ae0184c767495d34.dll,#1
1⤵
- Suspicious use of WriteProcessMemory
PID:1460
- C:\Windows\SysWOW64\rundll32.exe
  rundll32.exe C:\Users\Admin\AppData\Local\Temp\9c135d2f8f64fe1ed99baaa8c1543d776d89dca209bb2389ae0184c767495d34.dll,#1
  2⤵
  - Suspicious use of WriteProcessMemory
  PID:1900
- - C:\Windows\SysWOW64\cmd.exe
    "C:\Windows\system32\cmd.exe"
    3⤵
    PID:1120

memory/1900-55-0x0000000075981000-0x0000000075983000-memory.dmp

Filesize
8KB

Download
memory/1900-56-0x00000000747D0000-0x0000000074817000-memory.dmp

Filesize
284KB

Download
memory/1900-57-0x0000000074780000-0x00000000747C7000-memory.dmp

Filesize
284KB

Download
memory/1900-58-0x00000000747D0000-0x0000000074817000-memory.dmp

Filesize
284KB

Download
memory/1900-60-0x0000000074780000-0x00000000747C7000-memory.dmp

Filesize
284KB

Download
memory/1900-61-0x0000000074A80000-0x0000000074AA1000-memory.dmp

Filesize
132KB

Download