8126ad9098b64f635b057661fea2c2b2a5fa4d8f9801bef5ddf0b907f8bb449a

Analysis

max time kernel
9s
max time network
45s
platform
windows7_x64
resource
win7-20220812-en
resource tags

arch:x64arch:x86image:win7-20220812-enlocale:en-usos:windows7-x64system
submitted
03/12/2022, 00:14

Target

8126ad9098b64f635b057661fea2c2b2a5fa4d8f9801bef5ddf0b907f8bb449a.dll
Size

48KB
MD5

4df51b1a6aae8ef8a3ea8d6910f38594
SHA1

5873f010695c9415a7dc846a9ec5794dca0ebe75
SHA256

8126ad9098b64f635b057661fea2c2b2a5fa4d8f9801bef5ddf0b907f8bb449a
SHA512

5856c0ec18ea27c6e69ef5c70a8ce464285b89f776323c577492354079f1f87adbd094e9ecb2147ed82662a31e364f6bfbd38af67b1940fbea4951485fcaba36
SSDEEP

768:53sBXUGJhxPrhzWjEzw3JSSb9Y0ugQLj3tIKShfvqaEd:SBXjhx9WAzw3JS29v1mtIKShqai

Score

1^/10

Suspicious use of WriteProcessMemory 7 IoCs

description	pid	Process	procid_target
PID 1968 wrote to memory of 884	1968	rundll32.exe	28
PID 1968 wrote to memory of 884	1968	rundll32.exe	28
PID 1968 wrote to memory of 884	1968	rundll32.exe	28
PID 1968 wrote to memory of 884	1968	rundll32.exe	28
PID 1968 wrote to memory of 884	1968	rundll32.exe	28
PID 1968 wrote to memory of 884	1968	rundll32.exe	28
PID 1968 wrote to memory of 884	1968	rundll32.exe	28

C:\Windows\system32\rundll32.exe
rundll32.exe C:\Users\Admin\AppData\Local\Temp\8126ad9098b64f635b057661fea2c2b2a5fa4d8f9801bef5ddf0b907f8bb449a.dll,#1
1⤵
- Suspicious use of WriteProcessMemory
PID:1968
- C:\Windows\SysWOW64\rundll32.exe
  rundll32.exe C:\Users\Admin\AppData\Local\Temp\8126ad9098b64f635b057661fea2c2b2a5fa4d8f9801bef5ddf0b907f8bb449a.dll,#1
  2⤵
  PID:884

memory/884-55-0x0000000075521000-0x0000000075523000-memory.dmp

Filesize
8KB

Download
memory/884-56-0x0000000010000000-0x0000000010021000-memory.dmp

Filesize
132KB

Download