69796ce7d848cff6fa4159837a93368c923014c7da3a30985d82329e0aaf7443

Analysis

max time kernel
234s
max time network
336s
platform
windows7_x64
resource
win7-20221111-en
resource tags

arch:x64arch:x86image:win7-20221111-enlocale:en-usos:windows7-x64system
submitted
03-12-2022 23:58

Target

69796ce7d848cff6fa4159837a93368c923014c7da3a30985d82329e0aaf7443.dll
Size

6KB
MD5

4e61d02eb47d25dd1e6dcfd6a6e48780
SHA1

12f4f272cf738afd27e22ecdc0a4508c21e43bcd
SHA256

69796ce7d848cff6fa4159837a93368c923014c7da3a30985d82329e0aaf7443
SHA512

6a1896c791defd749ac8738e4315e373df39466deef89bd4398b230bfe640c9ef797a1e6f1dad8c6a220cc88f0e1b84e58e66b663ece4ea2b72a3181d108613a
SSDEEP

96:juNrYuJ59oAwGQUI/TQahtCl8X3pSHnmnD7mx5:juLJ/oAdQPQa2aeng7G5

Score

1^/10

Suspicious use of WriteProcessMemory 7 IoCs

description	pid	Process	procid_target
PID 716 wrote to memory of 892	716	rundll32.exe	28
PID 716 wrote to memory of 892	716	rundll32.exe	28
PID 716 wrote to memory of 892	716	rundll32.exe	28
PID 716 wrote to memory of 892	716	rundll32.exe	28
PID 716 wrote to memory of 892	716	rundll32.exe	28
PID 716 wrote to memory of 892	716	rundll32.exe	28
PID 716 wrote to memory of 892	716	rundll32.exe	28

C:\Windows\system32\rundll32.exe
rundll32.exe C:\Users\Admin\AppData\Local\Temp\69796ce7d848cff6fa4159837a93368c923014c7da3a30985d82329e0aaf7443.dll,#1
1⤵
- Suspicious use of WriteProcessMemory
PID:716
- C:\Windows\SysWOW64\rundll32.exe
  rundll32.exe C:\Users\Admin\AppData\Local\Temp\69796ce7d848cff6fa4159837a93368c923014c7da3a30985d82329e0aaf7443.dll,#1
  2⤵
  PID:892

memory/892-55-0x0000000074E61000-0x0000000074E63000-memory.dmp

Filesize
8KB

Download