a80b3c02bb61b1eb2797b244e1e7657872611e2bca44fc52d1581ab03779f6f7

Analysis

max time kernel
40s
max time network
46s
platform
windows7_x64
resource
win7-20220812-en
resource tags

arch:x64arch:x86image:win7-20220812-enlocale:en-usos:windows7-x64system
submitted
02/12/2022, 22:52

Target

a80b3c02bb61b1eb2797b244e1e7657872611e2bca44fc52d1581ab03779f6f7.dll
Size

20KB
MD5

9722f3bb34c07c128c730343ecdd3172
SHA1

a51ac7520d4d0b0889ed1557f2bab9a0dc49fcfb
SHA256

a80b3c02bb61b1eb2797b244e1e7657872611e2bca44fc52d1581ab03779f6f7
SHA512

a069ade2798aacbad69a5ce51ec597510d26320c5fab1c339209625343402357999709e07d72235bde6206ca8b40dd158689f6039207679b82b4e7fba6527cb8
SSDEEP

384:zSG/2Jp+C6QhtmruxCcdIL+0Xpl8CAu8UaWHuqaTlX0wG:zfYh2oCtpXP8x2OqaewG

Score

1^/10

Suspicious behavior: EnumeratesProcesses 1 IoCs

pid	Process
1944	rundll32.exe

Suspicious use of WriteProcessMemory 7 IoCs

description	pid	Process	procid_target
PID 1908 wrote to memory of 1944	1908	rundll32.exe	28
PID 1908 wrote to memory of 1944	1908	rundll32.exe	28
PID 1908 wrote to memory of 1944	1908	rundll32.exe	28
PID 1908 wrote to memory of 1944	1908	rundll32.exe	28
PID 1908 wrote to memory of 1944	1908	rundll32.exe	28
PID 1908 wrote to memory of 1944	1908	rundll32.exe	28
PID 1908 wrote to memory of 1944	1908	rundll32.exe	28

C:\Windows\system32\rundll32.exe
rundll32.exe C:\Users\Admin\AppData\Local\Temp\a80b3c02bb61b1eb2797b244e1e7657872611e2bca44fc52d1581ab03779f6f7.dll,#1
1⤵
- Suspicious use of WriteProcessMemory
PID:1908
- C:\Windows\SysWOW64\rundll32.exe
  rundll32.exe C:\Users\Admin\AppData\Local\Temp\a80b3c02bb61b1eb2797b244e1e7657872611e2bca44fc52d1581ab03779f6f7.dll,#1
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:1944

memory/1944-55-0x00000000753C1000-0x00000000753C3000-memory.dmp

Filesize
8KB

Download