9cf97a29a8cb5c74fdcb1bb57801f4cd9559d60b444352e1a85976c295738364

Analysis

max time kernel
19s
max time network
46s
platform
windows7_x64
resource
win7-20220812-en
resource tags

arch:x64arch:x86image:win7-20220812-enlocale:en-usos:windows7-x64system
submitted
03/12/2022, 03:44

Target

9cf97a29a8cb5c74fdcb1bb57801f4cd9559d60b444352e1a85976c295738364.dll
Size

59KB
MD5

fe3390e71912e02298b9cebcdd80b530
SHA1

d16c3eacad6e1c5baef1cf66e9be46dc36697cfa
SHA256

9cf97a29a8cb5c74fdcb1bb57801f4cd9559d60b444352e1a85976c295738364
SHA512

18b0ff03952f380d6b8feeb9e4f8f360771142f3b4915ad44e9b3cc5b7a0c80ba23ba0dcae30bc9d25fcbaa142360f9f77f297a74d9ffbe839b8378fe5bf1904
SSDEEP

768:nbY4lCJoifyf1TNb2NmecVSgXGCtqP6cQ2+HL/xdFBuwRKp6GLjEMyrTPghwpzqv:EGcfJmbQgXGCd2aL/9wwR+6Ie/gOuv

Score

1^/10

Suspicious use of WriteProcessMemory 7 IoCs

description	pid	Process	procid_target
PID 2040 wrote to memory of 844	2040	rundll32.exe	28
PID 2040 wrote to memory of 844	2040	rundll32.exe	28
PID 2040 wrote to memory of 844	2040	rundll32.exe	28
PID 2040 wrote to memory of 844	2040	rundll32.exe	28
PID 2040 wrote to memory of 844	2040	rundll32.exe	28
PID 2040 wrote to memory of 844	2040	rundll32.exe	28
PID 2040 wrote to memory of 844	2040	rundll32.exe	28

C:\Windows\system32\rundll32.exe
rundll32.exe C:\Users\Admin\AppData\Local\Temp\9cf97a29a8cb5c74fdcb1bb57801f4cd9559d60b444352e1a85976c295738364.dll,#1
1⤵
- Suspicious use of WriteProcessMemory
PID:2040
- C:\Windows\SysWOW64\rundll32.exe
  rundll32.exe C:\Users\Admin\AppData\Local\Temp\9cf97a29a8cb5c74fdcb1bb57801f4cd9559d60b444352e1a85976c295738364.dll,#1
  2⤵
  PID:844

memory/844-55-0x00000000762F1000-0x00000000762F3000-memory.dmp

Filesize
8KB

Download