d080867806b0837c522387689f6d67967166a959fd077103d2fbf30be31a5988

Analysis

max time kernel
17s
max time network
46s
platform
windows7_x64
resource
win7-20220812-en
resource tags

arch:x64arch:x86image:win7-20220812-enlocale:en-usos:windows7-x64system
submitted
03-12-2022 23:47

Target

d080867806b0837c522387689f6d67967166a959fd077103d2fbf30be31a5988.dll
Size

4KB
MD5

2f80f8bf5e1f83f9ae5b0aae334ce5d0
SHA1

ecb3a4aee6175f6eb5feec3f33fdcb196f409d20
SHA256

d080867806b0837c522387689f6d67967166a959fd077103d2fbf30be31a5988
SHA512

d2a07f04ba51df2f9c3b5cd280ac2d37021f511f186cb05b017447b42160f6cdd57e6e88c1d1e59a94d03b0bb315e607963e1869416fa1120161f3da502f69a1
SSDEEP

48:qHupGeMcCB96DrhWHR0FiIsipZlM+u+eAPMDQHpyuLv6omGejvGXZ3tv:PMXB0rw0MI/pwbdkP

Score

1^/10

Suspicious use of WriteProcessMemory 7 IoCs

description	pid	Process	procid_target
PID 1964 wrote to memory of 1876	1964	rundll32.exe	28
PID 1964 wrote to memory of 1876	1964	rundll32.exe	28
PID 1964 wrote to memory of 1876	1964	rundll32.exe	28
PID 1964 wrote to memory of 1876	1964	rundll32.exe	28
PID 1964 wrote to memory of 1876	1964	rundll32.exe	28
PID 1964 wrote to memory of 1876	1964	rundll32.exe	28
PID 1964 wrote to memory of 1876	1964	rundll32.exe	28

C:\Windows\system32\rundll32.exe
rundll32.exe C:\Users\Admin\AppData\Local\Temp\d080867806b0837c522387689f6d67967166a959fd077103d2fbf30be31a5988.dll,#1
1⤵
- Suspicious use of WriteProcessMemory
PID:1964
- C:\Windows\SysWOW64\rundll32.exe
  rundll32.exe C:\Users\Admin\AppData\Local\Temp\d080867806b0837c522387689f6d67967166a959fd077103d2fbf30be31a5988.dll,#1
  2⤵
  PID:1876

memory/1876-54-0x0000000000000000-mapping.dmp

Download
memory/1876-55-0x0000000075A11000-0x0000000075A13000-memory.dmp

Filesize
8KB

Download