9975d409fbd46b27b1b13d43520a8b44e97adc1b9868912588198f0421dcc8c8

Analysis

max time kernel
10s
max time network
34s
platform
windows7_x64
resource
win7-20221111-en
resource tags

arch:x64arch:x86image:win7-20221111-enlocale:en-usos:windows7-x64system
submitted
02/12/2022, 02:08

Target

9975d409fbd46b27b1b13d43520a8b44e97adc1b9868912588198f0421dcc8c8.dll
Size

6KB
MD5

fe4fc0b673832187dd307411c1c632c0
SHA1

5a1bbacbe6c7bbdfeb74574b5faddcf9d6f335e5
SHA256

9975d409fbd46b27b1b13d43520a8b44e97adc1b9868912588198f0421dcc8c8
SHA512

45d8f369fd83db229f9fc005f50831c34243e922ebed230549908716b62beb4f2eb31301b8dcc424ae894526704f6914bd917b84965bf7203d51f8919850f729
SSDEEP

96:Ts1Wnnnynnnnnnnn6nnann7nnXnnbnnKniROpPEZDai0hMZKFEhYnjoSmshh:YX4mJ

Score

1^/10

Suspicious use of WriteProcessMemory 7 IoCs

description	pid	Process	procid_target
PID 1368 wrote to memory of 944	1368	rundll32.exe	28
PID 1368 wrote to memory of 944	1368	rundll32.exe	28
PID 1368 wrote to memory of 944	1368	rundll32.exe	28
PID 1368 wrote to memory of 944	1368	rundll32.exe	28
PID 1368 wrote to memory of 944	1368	rundll32.exe	28
PID 1368 wrote to memory of 944	1368	rundll32.exe	28
PID 1368 wrote to memory of 944	1368	rundll32.exe	28

C:\Windows\system32\rundll32.exe
rundll32.exe C:\Users\Admin\AppData\Local\Temp\9975d409fbd46b27b1b13d43520a8b44e97adc1b9868912588198f0421dcc8c8.dll,#1
1⤵
- Suspicious use of WriteProcessMemory
PID:1368
- C:\Windows\SysWOW64\rundll32.exe
  rundll32.exe C:\Users\Admin\AppData\Local\Temp\9975d409fbd46b27b1b13d43520a8b44e97adc1b9868912588198f0421dcc8c8.dll,#1
  2⤵
  PID:944

memory/944-55-0x0000000075931000-0x0000000075933000-memory.dmp

Filesize
8KB

Download