be9511acc822842f567888b7e038df72201b00c0d4206566ccfd18d7d7acb834

Analysis

max time kernel
38s
max time network
42s
platform
windows7_x64
resource
win7-20220812-en
resource tags

arch:x64arch:x86image:win7-20220812-enlocale:en-usos:windows7-x64system
submitted
03/12/2022, 22:26

Target

be9511acc822842f567888b7e038df72201b00c0d4206566ccfd18d7d7acb834.dll
Size

6KB
MD5

fdca97690fe93886b8cc62613d578b70
SHA1

3d235d178a938eb95b0d37f0564aa1174b3963d7
SHA256

be9511acc822842f567888b7e038df72201b00c0d4206566ccfd18d7d7acb834
SHA512

b2182d7bbd2200906f28ec1fb04f672df4bdf9c0db3d1c425a13a3df79c44660acda6b86eb36620595260d95f4cdb7e52eb5a222aa9a193406a26a1b1f088c41
SSDEEP

192:unSR6bgYnENZYENA2NqUNAO2DNJ0i2NqUNQOq9YcoOdwNcZNZ:uZ

Score

1^/10

Suspicious use of WriteProcessMemory 7 IoCs

description	pid	Process	procid_target
PID 900 wrote to memory of 1940	900	rundll32.exe	27
PID 900 wrote to memory of 1940	900	rundll32.exe	27
PID 900 wrote to memory of 1940	900	rundll32.exe	27
PID 900 wrote to memory of 1940	900	rundll32.exe	27
PID 900 wrote to memory of 1940	900	rundll32.exe	27
PID 900 wrote to memory of 1940	900	rundll32.exe	27
PID 900 wrote to memory of 1940	900	rundll32.exe	27

C:\Windows\system32\rundll32.exe
rundll32.exe C:\Users\Admin\AppData\Local\Temp\be9511acc822842f567888b7e038df72201b00c0d4206566ccfd18d7d7acb834.dll,#1
1⤵
- Suspicious use of WriteProcessMemory
PID:900
- C:\Windows\SysWOW64\rundll32.exe
  rundll32.exe C:\Users\Admin\AppData\Local\Temp\be9511acc822842f567888b7e038df72201b00c0d4206566ccfd18d7d7acb834.dll,#1
  2⤵
  PID:1940

memory/1940-55-0x0000000075C61000-0x0000000075C63000-memory.dmp

Filesize
8KB

Download