66016a13c38f222cb731d460d2cf1359ced0327233121dbe0ddd7a6f32a984dc

Analysis

max time kernel
1s
max time network
35s
platform
windows7_x64
resource
win7-20221111-en
resource tags

arch:x64arch:x86image:win7-20221111-enlocale:en-usos:windows7-x64system
submitted
02/12/2022, 19:20

Target

66016a13c38f222cb731d460d2cf1359ced0327233121dbe0ddd7a6f32a984dc.dll
Size

80KB
MD5

61488c649b4c3a2610571dbe50926b70
SHA1

fc5710ad6a0dbfde0aabbfab5cb762aea10861e5
SHA256

66016a13c38f222cb731d460d2cf1359ced0327233121dbe0ddd7a6f32a984dc
SHA512

41c54a9cd257bbe4064c82bd43aec3afbc34e770ef1cf9b1a8f95fb03d9b827c2daaed8fed9568275d70b811d856e69b2f693de40c86ea9e64c2f24d4a5da3b4
SSDEEP

1536:Bm1NGJVGbii9FY5jr8t+5qsUYuHiU1CRWTbJ0Qwgak0FRHlZFKDonoqPlu7QlTRn:kX0VU5Fk0t+5ZCiU1CcnVtaLHlHKyoVI

Score

1^/10

Suspicious use of WriteProcessMemory 7 IoCs

description	pid	Process	procid_target
PID 1228 wrote to memory of 940	1228	rundll32.exe	28
PID 1228 wrote to memory of 940	1228	rundll32.exe	28
PID 1228 wrote to memory of 940	1228	rundll32.exe	28
PID 1228 wrote to memory of 940	1228	rundll32.exe	28
PID 1228 wrote to memory of 940	1228	rundll32.exe	28
PID 1228 wrote to memory of 940	1228	rundll32.exe	28
PID 1228 wrote to memory of 940	1228	rundll32.exe	28

C:\Windows\system32\rundll32.exe
rundll32.exe C:\Users\Admin\AppData\Local\Temp\66016a13c38f222cb731d460d2cf1359ced0327233121dbe0ddd7a6f32a984dc.dll,#1
1⤵
- Suspicious use of WriteProcessMemory
PID:1228
- C:\Windows\SysWOW64\rundll32.exe
  rundll32.exe C:\Users\Admin\AppData\Local\Temp\66016a13c38f222cb731d460d2cf1359ced0327233121dbe0ddd7a6f32a984dc.dll,#1
  2⤵
  PID:940

memory/940-55-0x00000000760A1000-0x00000000760A3000-memory.dmp

Filesize
8KB

Download