d349c3958778647fd6bbeea8882d7718a8a8764aa36169431da2a877255b5d17

Analysis

max time kernel
83s
max time network
32s
platform
windows7_x64
resource
win7-20221111-en
resource tags

arch:x64arch:x86image:win7-20221111-enlocale:en-usos:windows7-x64system
submitted
02/12/2022, 01:54

Target

d349c3958778647fd6bbeea8882d7718a8a8764aa36169431da2a877255b5d17.dll
Size

6KB
MD5

22b35f6ad53a60533a998adc7b3dc1b0
SHA1

33f201a4c59e8cbce3e95810bbb86394ee706d69
SHA256

d349c3958778647fd6bbeea8882d7718a8a8764aa36169431da2a877255b5d17
SHA512

b1fc8fbfed99dcac0b83d2ea77a4328d607f62b5705bf50299eeb98fcebd7dc8be0887861f207c720cd122911f3f64ac2b6442fa27741e0184887664ff46821f
SSDEEP

96:z0dpglt6eGE0wPLTU6h/nP/n/sy1s/6GWc/Z9XVacuKZScP:/x0UTyy1o66Fac

Score

1^/10

Suspicious use of WriteProcessMemory 7 IoCs

description	pid	Process	procid_target
PID 268 wrote to memory of 900	268	rundll32.exe	28
PID 268 wrote to memory of 900	268	rundll32.exe	28
PID 268 wrote to memory of 900	268	rundll32.exe	28
PID 268 wrote to memory of 900	268	rundll32.exe	28
PID 268 wrote to memory of 900	268	rundll32.exe	28
PID 268 wrote to memory of 900	268	rundll32.exe	28
PID 268 wrote to memory of 900	268	rundll32.exe	28

C:\Windows\system32\rundll32.exe
rundll32.exe C:\Users\Admin\AppData\Local\Temp\d349c3958778647fd6bbeea8882d7718a8a8764aa36169431da2a877255b5d17.dll,#1
1⤵
- Suspicious use of WriteProcessMemory
PID:268
- C:\Windows\SysWOW64\rundll32.exe
  rundll32.exe C:\Users\Admin\AppData\Local\Temp\d349c3958778647fd6bbeea8882d7718a8a8764aa36169431da2a877255b5d17.dll,#1
  2⤵
  PID:900

memory/900-55-0x0000000075FF1000-0x0000000075FF3000-memory.dmp

Filesize
8KB

Download