bad3999d54232f66b81278953fd39a3f9425d07459b22eba3d5a1ce5191f4fe6

Analysis

max time kernel
5s
max time network
32s
platform
windows7_x64
resource
win7-20221111-en
resource tags

arch:x64arch:x86image:win7-20221111-enlocale:en-usos:windows7-x64system
submitted
02/12/2022, 19:58

Target

bad3999d54232f66b81278953fd39a3f9425d07459b22eba3d5a1ce5191f4fe6.dll
Size

58KB
MD5

718e7aeb2ff42ee5ac8873582306d262
SHA1

1df6a8a1cf8535f8ac406b2555dea7b691cf7e35
SHA256

bad3999d54232f66b81278953fd39a3f9425d07459b22eba3d5a1ce5191f4fe6
SHA512

bbd64c05fe1dee27d5be05991a30aba219de33903180f43f5ca3a5dd11d3df17da849206492f407666d89a1e219286a764205158e33c5eb63d401cfaa7cafb94
SSDEEP

1536:1zExMwCGQ2jxorfAH0pqbGmgdqPvhz4SkIdqj8nGll:1I+wCGvdocYjmxhzBo4nGll

Score

1^/10

Suspicious use of WriteProcessMemory 7 IoCs

description	pid	Process	procid_target
PID 2028 wrote to memory of 2032	2028	rundll32.exe	28
PID 2028 wrote to memory of 2032	2028	rundll32.exe	28
PID 2028 wrote to memory of 2032	2028	rundll32.exe	28
PID 2028 wrote to memory of 2032	2028	rundll32.exe	28
PID 2028 wrote to memory of 2032	2028	rundll32.exe	28
PID 2028 wrote to memory of 2032	2028	rundll32.exe	28
PID 2028 wrote to memory of 2032	2028	rundll32.exe	28

C:\Windows\system32\rundll32.exe
rundll32.exe C:\Users\Admin\AppData\Local\Temp\bad3999d54232f66b81278953fd39a3f9425d07459b22eba3d5a1ce5191f4fe6.dll,#1
1⤵
- Suspicious use of WriteProcessMemory
PID:2028
- C:\Windows\SysWOW64\rundll32.exe
  rundll32.exe C:\Users\Admin\AppData\Local\Temp\bad3999d54232f66b81278953fd39a3f9425d07459b22eba3d5a1ce5191f4fe6.dll,#1
  2⤵
  PID:2032

memory/2032-55-0x0000000075A31000-0x0000000075A33000-memory.dmp

Filesize
8KB

Download