db2935fd25f38a04d59505ab8addd2c114f2f3f59387f9ee7bd10055e05c19aa

Analysis

max time kernel
44s
max time network
49s
platform
windows7_x64
resource
win7-20220901-en
resource tags

arch:x64arch:x86image:win7-20220901-enlocale:en-usos:windows7-x64system
submitted
03/12/2022, 03:07

Target

db2935fd25f38a04d59505ab8addd2c114f2f3f59387f9ee7bd10055e05c19aa.dll
Size

64KB
MD5

77109317caaa4041722ff06a39d9ca90
SHA1

cf857cab2f5c49e4531babf1b0e1340417dbe097
SHA256

db2935fd25f38a04d59505ab8addd2c114f2f3f59387f9ee7bd10055e05c19aa
SHA512

8dee5e08be8353f97f817a91e0f9b9fa8de2f9c2c79cbb97230aad6a4c885aa9f0d08ca9104c2469533525b04da36160f0c1b5a070b7995804bf5b811bd9756a
SSDEEP

1536:n7ZLNPp9pZBMiyqrZKEpi6BSG7F1zKrBa3itS4iSn1kzgn7Bo:7ZppRy8ZfpieFNew3eSKnVo

Score

1^/10

Suspicious use of WriteProcessMemory 7 IoCs

description	pid	Process	procid_target
PID 620 wrote to memory of 1708	620	rundll32.exe	27
PID 620 wrote to memory of 1708	620	rundll32.exe	27
PID 620 wrote to memory of 1708	620	rundll32.exe	27
PID 620 wrote to memory of 1708	620	rundll32.exe	27
PID 620 wrote to memory of 1708	620	rundll32.exe	27
PID 620 wrote to memory of 1708	620	rundll32.exe	27
PID 620 wrote to memory of 1708	620	rundll32.exe	27

C:\Windows\system32\rundll32.exe
rundll32.exe C:\Users\Admin\AppData\Local\Temp\db2935fd25f38a04d59505ab8addd2c114f2f3f59387f9ee7bd10055e05c19aa.dll,#1
1⤵
- Suspicious use of WriteProcessMemory
PID:620
- C:\Windows\SysWOW64\rundll32.exe
  rundll32.exe C:\Users\Admin\AppData\Local\Temp\db2935fd25f38a04d59505ab8addd2c114f2f3f59387f9ee7bd10055e05c19aa.dll,#1
  2⤵
  PID:1708

memory/1708-55-0x0000000075711000-0x0000000075713000-memory.dmp

Filesize
8KB

Download