b5bbdd99791f56674813d5a0bf043fcf91853e0f06109397f88645517fe00251

Analysis

max time kernel
57s
max time network
34s
platform
windows7_x64
resource
win7-20221111-en
resource tags

arch:x64arch:x86image:win7-20221111-enlocale:en-usos:windows7-x64system
submitted
03/12/2022, 22:29

Target

b5bbdd99791f56674813d5a0bf043fcf91853e0f06109397f88645517fe00251.dll
Size

6KB
MD5

cb7fc591e41b7dcb7d301cc626eb5060
SHA1

6158fe3df8e9658344bb1738dbd8188c1bb3f520
SHA256

b5bbdd99791f56674813d5a0bf043fcf91853e0f06109397f88645517fe00251
SHA512

203e2b0de1f8c264fec4f89bd16c52257426bf0d3519282a57a0bbfd804291e0b44387a19d5372ebd13f80b6c9f6bdc5ddf99b6074ec2fca5137666636d26d88
SSDEEP

96:DixZjmjtjd8jPjcZGR5TIkgULs3gMadzgiV7:unSR6bgYme1

Score

1^/10

Suspicious use of WriteProcessMemory 7 IoCs

description	pid	Process	procid_target
PID 892 wrote to memory of 560	892	rundll32.exe	28
PID 892 wrote to memory of 560	892	rundll32.exe	28
PID 892 wrote to memory of 560	892	rundll32.exe	28
PID 892 wrote to memory of 560	892	rundll32.exe	28
PID 892 wrote to memory of 560	892	rundll32.exe	28
PID 892 wrote to memory of 560	892	rundll32.exe	28
PID 892 wrote to memory of 560	892	rundll32.exe	28

C:\Windows\system32\rundll32.exe
rundll32.exe C:\Users\Admin\AppData\Local\Temp\b5bbdd99791f56674813d5a0bf043fcf91853e0f06109397f88645517fe00251.dll,#1
1⤵
- Suspicious use of WriteProcessMemory
PID:892
- C:\Windows\SysWOW64\rundll32.exe
  rundll32.exe C:\Users\Admin\AppData\Local\Temp\b5bbdd99791f56674813d5a0bf043fcf91853e0f06109397f88645517fe00251.dll,#1
  2⤵
  PID:560

memory/560-55-0x0000000075D01000-0x0000000075D03000-memory.dmp

Filesize
8KB

Download