ddbbe1b1d78cd52f50609c25cddd55d16f1a0f6981842ab9a6ed9a074bc53651

Analysis

max time kernel
43s
max time network
46s
platform
windows7_x64
resource
win7-20220812-en
resource tags

arch:x64arch:x86image:win7-20220812-enlocale:en-usos:windows7-x64system
submitted
02/12/2022, 01:51

Target

ddbbe1b1d78cd52f50609c25cddd55d16f1a0f6981842ab9a6ed9a074bc53651.dll
Size

7KB
MD5

26136464ff2234fc8d1a4eafe3ce4680
SHA1

442fb1d5703a9ba32f33c04e71366f7ba2f553c4
SHA256

ddbbe1b1d78cd52f50609c25cddd55d16f1a0f6981842ab9a6ed9a074bc53651
SHA512

8191190cf62c274f522e3bc49869f5ccb4af304dd417be2a3d9f719ab83ccd3ac3005033cda30ed5afe5c99dd2466e2e395519100d1574835e5e98672c1ee89b
SSDEEP

48:Ss0QejYDx6/gB5B65/ic/2hmm3YGebeTKurfUsMbfY101rR+cfcl/Udr6UP3pKv/:z0QR9B6BvAwbfY4Bu/0ZqjF

Score

1^/10

Suspicious use of WriteProcessMemory 7 IoCs

description	pid	Process	procid_target
PID 900 wrote to memory of 780	900	rundll32.exe	27
PID 900 wrote to memory of 780	900	rundll32.exe	27
PID 900 wrote to memory of 780	900	rundll32.exe	27
PID 900 wrote to memory of 780	900	rundll32.exe	27
PID 900 wrote to memory of 780	900	rundll32.exe	27
PID 900 wrote to memory of 780	900	rundll32.exe	27
PID 900 wrote to memory of 780	900	rundll32.exe	27

C:\Windows\system32\rundll32.exe
rundll32.exe C:\Users\Admin\AppData\Local\Temp\ddbbe1b1d78cd52f50609c25cddd55d16f1a0f6981842ab9a6ed9a074bc53651.dll,#1
1⤵
- Suspicious use of WriteProcessMemory
PID:900
- C:\Windows\SysWOW64\rundll32.exe
  rundll32.exe C:\Users\Admin\AppData\Local\Temp\ddbbe1b1d78cd52f50609c25cddd55d16f1a0f6981842ab9a6ed9a074bc53651.dll,#1
  2⤵
  PID:780

memory/780-55-0x0000000076121000-0x0000000076123000-memory.dmp

Filesize
8KB

Download