b4ffa70caae02504de0a35dd8360412234eb49e282cf85f9b24447748755339d

Analysis

max time kernel
30s
max time network
48s
platform
windows7_x64
resource
win7-20220812-en
resource tags

arch:x64arch:x86image:win7-20220812-enlocale:en-usos:windows7-x64system
submitted
02-12-2022 19:19

Target

b4ffa70caae02504de0a35dd8360412234eb49e282cf85f9b24447748755339d.dll
Size

71KB
MD5

6dc6e65d3c6ec41a5cad47a8fc4e0c00
SHA1

d62a18005fd77fd5fafa5421d06395035b4d3795
SHA256

b4ffa70caae02504de0a35dd8360412234eb49e282cf85f9b24447748755339d
SHA512

cda17cb662853fe70a48522901273539275f55c89509508f1772ec1aeee21c47f4e614f17614e1ba4add6d8b4ef025eec382a9a2f6872c32ebc4d3640fcc9d3a
SSDEEP

1536:Bm1NGJVG+H0zYD/CtGG5pL5OiAglL00NymFcw1oA:kX0VHHMYD/IGG/ofgR0UymFJ+A

Score

1^/10

Suspicious use of WriteProcessMemory 7 IoCs

description	pid	Process	procid_target
PID 384 wrote to memory of 664	384	rundll32.exe	27
PID 384 wrote to memory of 664	384	rundll32.exe	27
PID 384 wrote to memory of 664	384	rundll32.exe	27
PID 384 wrote to memory of 664	384	rundll32.exe	27
PID 384 wrote to memory of 664	384	rundll32.exe	27
PID 384 wrote to memory of 664	384	rundll32.exe	27
PID 384 wrote to memory of 664	384	rundll32.exe	27

C:\Windows\system32\rundll32.exe
rundll32.exe C:\Users\Admin\AppData\Local\Temp\b4ffa70caae02504de0a35dd8360412234eb49e282cf85f9b24447748755339d.dll,#1
1⤵
- Suspicious use of WriteProcessMemory
PID:384
- C:\Windows\SysWOW64\rundll32.exe
  rundll32.exe C:\Users\Admin\AppData\Local\Temp\b4ffa70caae02504de0a35dd8360412234eb49e282cf85f9b24447748755339d.dll,#1
  2⤵
  PID:664

memory/664-54-0x0000000000000000-mapping.dmp

Download
memory/664-55-0x0000000074C91000-0x0000000074C93000-memory.dmp

Filesize
8KB

Download