970772e93d09e43e5a3633f872a5039be083fa76725f222ab124dc5c43851831

Analysis

max time kernel
42s
max time network
48s
platform
windows7_x64
resource
win7-20220901-en
resource tags

arch:x64arch:x86image:win7-20220901-enlocale:en-usos:windows7-x64system
submitted
02/12/2022, 02:09

Target

970772e93d09e43e5a3633f872a5039be083fa76725f222ab124dc5c43851831.dll
Size

6KB
MD5

eceeae17addd583f90707436a4a12390
SHA1

e087bad5d0d919c79b48437099a27932ec81df86
SHA256

970772e93d09e43e5a3633f872a5039be083fa76725f222ab124dc5c43851831
SHA512

27cc75d26d1bb6f2fc72d43d53e47d3cc523713d59fc3d65c55a67cc90811f7009d92068e6082d63a09b70c5aba4caf97debc1a25eb591186f565be02297464b
SSDEEP

96:nI2RrUeqP8K2IrHcTdDoYFSa7+62f5PplGgpM9MBdXV5yD9a2x4X:XR4eO2yHq/Fc62hPDGM6iWZx4

Score

1^/10

Suspicious use of WriteProcessMemory 7 IoCs

description	pid	Process	procid_target
PID 1752 wrote to memory of 1720	1752	rundll32.exe	27
PID 1752 wrote to memory of 1720	1752	rundll32.exe	27
PID 1752 wrote to memory of 1720	1752	rundll32.exe	27
PID 1752 wrote to memory of 1720	1752	rundll32.exe	27
PID 1752 wrote to memory of 1720	1752	rundll32.exe	27
PID 1752 wrote to memory of 1720	1752	rundll32.exe	27
PID 1752 wrote to memory of 1720	1752	rundll32.exe	27

C:\Windows\system32\rundll32.exe
rundll32.exe C:\Users\Admin\AppData\Local\Temp\970772e93d09e43e5a3633f872a5039be083fa76725f222ab124dc5c43851831.dll,#1
1⤵
- Suspicious use of WriteProcessMemory
PID:1752
- C:\Windows\SysWOW64\rundll32.exe
  rundll32.exe C:\Users\Admin\AppData\Local\Temp\970772e93d09e43e5a3633f872a5039be083fa76725f222ab124dc5c43851831.dll,#1
  2⤵
  PID:1720

memory/1720-55-0x0000000075111000-0x0000000075113000-memory.dmp

Filesize
8KB

Download