1b9bab7f7ba64cd906fc9c4d03985b6c094cf3c1ef08ff9a61971c2a23f45a53

Analysis

max time kernel
37s
max time network
43s
platform
windows7_x64
resource
win7-20220812-en
resource tags

arch:x64arch:x86image:win7-20220812-enlocale:en-usos:windows7-x64system
submitted
02-12-2022 19:39

Target

1b9bab7f7ba64cd906fc9c4d03985b6c094cf3c1ef08ff9a61971c2a23f45a53.dll
Size

66KB
MD5

5decd255c3facbc1ef0a10d9a90f0c30
SHA1

37864466ef1745ec522395445c582d564f23c974
SHA256

1b9bab7f7ba64cd906fc9c4d03985b6c094cf3c1ef08ff9a61971c2a23f45a53
SHA512

34fcd9ab59d6238cabef78b0d114861304e4a28fe25327fcd47189630297844347e72ad1237392f5520603dda8beaa7455c7597fef93825e9682b127950e12b6
SSDEEP

1536:RVNYKJgYMXBHwv07MIc77auRv88Ne+8CDs:T6Kpgw8MZZepCDs

Score

1^/10

Suspicious use of WriteProcessMemory 7 IoCs

description	pid	Process	procid_target
PID 1872 wrote to memory of 2028	1872	rundll32.exe	27
PID 1872 wrote to memory of 2028	1872	rundll32.exe	27
PID 1872 wrote to memory of 2028	1872	rundll32.exe	27
PID 1872 wrote to memory of 2028	1872	rundll32.exe	27
PID 1872 wrote to memory of 2028	1872	rundll32.exe	27
PID 1872 wrote to memory of 2028	1872	rundll32.exe	27
PID 1872 wrote to memory of 2028	1872	rundll32.exe	27

C:\Windows\system32\rundll32.exe
rundll32.exe C:\Users\Admin\AppData\Local\Temp\1b9bab7f7ba64cd906fc9c4d03985b6c094cf3c1ef08ff9a61971c2a23f45a53.dll,#1
1⤵
- Suspicious use of WriteProcessMemory
PID:1872
- C:\Windows\SysWOW64\rundll32.exe
  rundll32.exe C:\Users\Admin\AppData\Local\Temp\1b9bab7f7ba64cd906fc9c4d03985b6c094cf3c1ef08ff9a61971c2a23f45a53.dll,#1
  2⤵
  PID:2028

memory/2028-55-0x0000000075841000-0x0000000075843000-memory.dmp

Filesize
8KB

Download