b37bf733cd41137a40dc45cd1c10a708b6ff90065e9076104065874492c404dc

Analysis

max time kernel
11s
max time network
34s
platform
windows7_x64
resource
win7-20221111-en
resource tags

arch:x64arch:x86image:win7-20221111-enlocale:en-usos:windows7-x64system
submitted
02-12-2022 19:23

Target

b37bf733cd41137a40dc45cd1c10a708b6ff90065e9076104065874492c404dc.dll
Size

66KB
MD5

5fda771c51870049a4f47d20d27e3678
SHA1

9edd198ca05c381f38a30ed42ea971c8bec9cc32
SHA256

b37bf733cd41137a40dc45cd1c10a708b6ff90065e9076104065874492c404dc
SHA512

41700c6d2cfd03d55902511e83944e430045ef7565dd852a0214093f3d7956baa03fbbb8a62a778c05a9d41d1dda03c674f584df40ae7311c456aa420e5483fe
SSDEEP

1536:yHZT4NCyHH/6SBnivN7Oo9wCj+3xJC1GFiYftCF0SSQH36UFN+Mu:yHd44K/kZOoA3xJcGFiktCFz90

Score

1^/10

Suspicious use of WriteProcessMemory 7 IoCs

description	pid	Process	procid_target
PID 1628 wrote to memory of 1392	1628	rundll32.exe	28
PID 1628 wrote to memory of 1392	1628	rundll32.exe	28
PID 1628 wrote to memory of 1392	1628	rundll32.exe	28
PID 1628 wrote to memory of 1392	1628	rundll32.exe	28
PID 1628 wrote to memory of 1392	1628	rundll32.exe	28
PID 1628 wrote to memory of 1392	1628	rundll32.exe	28
PID 1628 wrote to memory of 1392	1628	rundll32.exe	28

C:\Windows\system32\rundll32.exe
rundll32.exe C:\Users\Admin\AppData\Local\Temp\b37bf733cd41137a40dc45cd1c10a708b6ff90065e9076104065874492c404dc.dll,#1
1⤵
- Suspicious use of WriteProcessMemory
PID:1628
- C:\Windows\SysWOW64\rundll32.exe
  rundll32.exe C:\Users\Admin\AppData\Local\Temp\b37bf733cd41137a40dc45cd1c10a708b6ff90065e9076104065874492c404dc.dll,#1
  2⤵
  PID:1392

memory/1392-55-0x0000000075BE1000-0x0000000075BE3000-memory.dmp

Filesize
8KB

Download