9b69546e04e2c736257c2626ea14204db51fec1fdc4919034b80dd83c6c26e5a

Analysis

max time kernel
25s
max time network
30s
platform
windows7_x64
resource
win7-20221111-en
resource tags

arch:x64arch:x86image:win7-20221111-enlocale:en-usos:windows7-x64system
submitted
03-12-2022 22:38

Target

9b69546e04e2c736257c2626ea14204db51fec1fdc4919034b80dd83c6c26e5a.dll
Size

6KB
MD5

ea6090b14744f3a1eb20e9891c783030
SHA1

3cdd01aa9d316680e94d8282f8f78044eda6b6b8
SHA256

9b69546e04e2c736257c2626ea14204db51fec1fdc4919034b80dd83c6c26e5a
SHA512

5134c695408eca984079a8d16134fecc486507dcc5baf75a734dec1f60c86337bdedb6698eb9e346358bc8457fbc48dacc0f8d1eaf9e3d2830cd5b822ef7ee56
SSDEEP

96:Ts1Wnnnynnnnnnnn6nnann7nnXnnbnnKniROeLTuIHMEoFcoOYOV8DGrEIp:YXXfuEoFcoOaDG5

Score

1^/10

Suspicious use of WriteProcessMemory 7 IoCs

description	pid	Process	procid_target
PID 1216 wrote to memory of 956	1216	rundll32.exe	28
PID 1216 wrote to memory of 956	1216	rundll32.exe	28
PID 1216 wrote to memory of 956	1216	rundll32.exe	28
PID 1216 wrote to memory of 956	1216	rundll32.exe	28
PID 1216 wrote to memory of 956	1216	rundll32.exe	28
PID 1216 wrote to memory of 956	1216	rundll32.exe	28
PID 1216 wrote to memory of 956	1216	rundll32.exe	28

C:\Windows\system32\rundll32.exe
rundll32.exe C:\Users\Admin\AppData\Local\Temp\9b69546e04e2c736257c2626ea14204db51fec1fdc4919034b80dd83c6c26e5a.dll,#1
1⤵
- Suspicious use of WriteProcessMemory
PID:1216
- C:\Windows\SysWOW64\rundll32.exe
  rundll32.exe C:\Users\Admin\AppData\Local\Temp\9b69546e04e2c736257c2626ea14204db51fec1fdc4919034b80dd83c6c26e5a.dll,#1
  2⤵
  PID:956

memory/956-55-0x0000000074DE1000-0x0000000074DE3000-memory.dmp

Filesize
8KB

Download