f93f231c6b31bf33f7b66b721696b9d41fad232a313c64fbb001193e3c03a47e

Analysis

max time kernel
47s
max time network
52s
platform
windows7_x64
resource
win7-20220901-en
resource tags

arch:x64arch:x86image:win7-20220901-enlocale:en-usos:windows7-x64system
submitted
02/12/2022, 16:56

Target

f93f231c6b31bf33f7b66b721696b9d41fad232a313c64fbb001193e3c03a47e.dll
Size

75KB
MD5

1676931fdbfea96134698e5d153e34e1
SHA1

9afe6759ff2d706f87637814c05a149b583bb13e
SHA256

f93f231c6b31bf33f7b66b721696b9d41fad232a313c64fbb001193e3c03a47e
SHA512

0197be4a66fbdde045e0293fdbcadd06e05cbd522d86c67cffc99e5be9285247c042e0bb5aae372039137b2db2c5d5de8bd08ccba41735ce425eb9d387fa4419
SSDEEP

1536:62AQTDvBiOBAT0NiOWoogFl1UEI/gR+M0:BvVCQ2PdEI/gR+M

Score

1^/10

Suspicious use of WriteProcessMemory 7 IoCs

description	pid	Process	procid_target
PID 1300 wrote to memory of 824	1300	rundll32.exe	27
PID 1300 wrote to memory of 824	1300	rundll32.exe	27
PID 1300 wrote to memory of 824	1300	rundll32.exe	27
PID 1300 wrote to memory of 824	1300	rundll32.exe	27
PID 1300 wrote to memory of 824	1300	rundll32.exe	27
PID 1300 wrote to memory of 824	1300	rundll32.exe	27
PID 1300 wrote to memory of 824	1300	rundll32.exe	27

C:\Windows\system32\rundll32.exe
rundll32.exe C:\Users\Admin\AppData\Local\Temp\f93f231c6b31bf33f7b66b721696b9d41fad232a313c64fbb001193e3c03a47e.dll,#1
1⤵
- Suspicious use of WriteProcessMemory
PID:1300
- C:\Windows\SysWOW64\rundll32.exe
  rundll32.exe C:\Users\Admin\AppData\Local\Temp\f93f231c6b31bf33f7b66b721696b9d41fad232a313c64fbb001193e3c03a47e.dll,#1
  2⤵
  PID:824

memory/824-55-0x00000000757A1000-0x00000000757A3000-memory.dmp

Filesize
8KB

Download