b78bed0ac296a7c2c2c05f4807f40eab9fc6f035b0851b52939e29c694711fa0

Analysis

max time kernel
245s
max time network
336s
platform
windows7_x64
resource
win7-20221111-en
resource tags

arch:x64arch:x86image:win7-20221111-enlocale:en-usos:windows7-x64system
submitted
03-12-2022 03:26

Target

b78bed0ac296a7c2c2c05f4807f40eab9fc6f035b0851b52939e29c694711fa0.dll
Size

51KB
MD5

cfd63f2d5131ef7e4d5726abc0e7581d
SHA1

4eeea749d4a8827b5f414df833657b7d03435872
SHA256

b78bed0ac296a7c2c2c05f4807f40eab9fc6f035b0851b52939e29c694711fa0
SHA512

560effc19672d25d7ef5f5e8d7a32794dfaa4b62a9c4d8f9b1357b882da6a1abfb910d46a31ee762447e3a862f3aa0b679c59618401384566ff0bfb2d8830c03
SSDEEP

1536:mPO6KEVbsVP0g0+Ffiz5CUrvX32RRP7LqEhdgihX4C:cMEVbsVcFgfcBrvGRRf18QXz

Score

1^/10

Suspicious use of WriteProcessMemory 7 IoCs

description	pid	Process	procid_target
PID 1892 wrote to memory of 564	1892	rundll32.exe	28
PID 1892 wrote to memory of 564	1892	rundll32.exe	28
PID 1892 wrote to memory of 564	1892	rundll32.exe	28
PID 1892 wrote to memory of 564	1892	rundll32.exe	28
PID 1892 wrote to memory of 564	1892	rundll32.exe	28
PID 1892 wrote to memory of 564	1892	rundll32.exe	28
PID 1892 wrote to memory of 564	1892	rundll32.exe	28

C:\Windows\system32\rundll32.exe
rundll32.exe C:\Users\Admin\AppData\Local\Temp\b78bed0ac296a7c2c2c05f4807f40eab9fc6f035b0851b52939e29c694711fa0.dll,#1
1⤵
- Suspicious use of WriteProcessMemory
PID:1892
- C:\Windows\SysWOW64\rundll32.exe
  rundll32.exe C:\Users\Admin\AppData\Local\Temp\b78bed0ac296a7c2c2c05f4807f40eab9fc6f035b0851b52939e29c694711fa0.dll,#1
  2⤵
  PID:564

memory/564-55-0x00000000759F1000-0x00000000759F3000-memory.dmp

Filesize
8KB

Download