db0d751c866bb1592efc614244fd0b7bf149ca56a014ef1a8949d3a7600ac175

Analysis

max time kernel
35s
max time network
39s
platform
windows7_x64
resource
win7-20220812-en
resource tags

arch:x64arch:x86image:win7-20220812-enlocale:en-usos:windows7-x64system
submitted
03-12-2022 03:43

Target

db0d751c866bb1592efc614244fd0b7bf149ca56a014ef1a8949d3a7600ac175.dll
Size

72KB
MD5

0fd76459845513e559bd44066adfc6a6
SHA1

c0de5ad09ecea7c2a0317cd8f4898bc753cd8950
SHA256

db0d751c866bb1592efc614244fd0b7bf149ca56a014ef1a8949d3a7600ac175
SHA512

f8ae647609dfe72978e15476164d0a49af3ff6dca81637a020fddd89f4e2a746bc95085ee99660920fdfd77e6c9fe0cbb647b37a4c3d71d313a35bc3ace50087
SSDEEP

1536:2hq93njDRSbSmvw37Wdp4ZTuBjSuwep0wKu/4DPhYmpUh:zpRSbSPK7guRpJKu/4DnpUh

Score

1^/10

Suspicious use of WriteProcessMemory 7 IoCs

description	pid	Process	procid_target
PID 836 wrote to memory of 1960	836	rundll32.exe	27
PID 836 wrote to memory of 1960	836	rundll32.exe	27
PID 836 wrote to memory of 1960	836	rundll32.exe	27
PID 836 wrote to memory of 1960	836	rundll32.exe	27
PID 836 wrote to memory of 1960	836	rundll32.exe	27
PID 836 wrote to memory of 1960	836	rundll32.exe	27
PID 836 wrote to memory of 1960	836	rundll32.exe	27

C:\Windows\system32\rundll32.exe
rundll32.exe C:\Users\Admin\AppData\Local\Temp\db0d751c866bb1592efc614244fd0b7bf149ca56a014ef1a8949d3a7600ac175.dll,#1
1⤵
- Suspicious use of WriteProcessMemory
PID:836
- C:\Windows\SysWOW64\rundll32.exe
  rundll32.exe C:\Users\Admin\AppData\Local\Temp\db0d751c866bb1592efc614244fd0b7bf149ca56a014ef1a8949d3a7600ac175.dll,#1
  2⤵
  PID:1960

memory/1960-55-0x0000000075AD1000-0x0000000075AD3000-memory.dmp

Filesize
8KB

Download