9a8ff37558d679a9f8a03f24faee9cc7c874d31b667ae3bc9f6054c074a0f0fe

Analysis

max time kernel
29s
max time network
46s
platform
windows7_x64
resource
win7-20220812-en
resource tags

arch:x64arch:x86image:win7-20220812-enlocale:en-usos:windows7-x64system
submitted
03/12/2022, 03:55

Target

9a8ff37558d679a9f8a03f24faee9cc7c874d31b667ae3bc9f6054c074a0f0fe.dll
Size

58KB
MD5

59f8af0ca067cafc36d272861285233f
SHA1

05dd08f29022435c3fefacbc63b2921a7987cefc
SHA256

9a8ff37558d679a9f8a03f24faee9cc7c874d31b667ae3bc9f6054c074a0f0fe
SHA512

1170cd14f63d7cab76cb81ca42e2aa319171f77bb0a057d4d89c70acc783fae89974b5b4f2eb4b4abd825957b5fe3ac2c1962ff0716de80a72c8ec36fddb6ed5
SSDEEP

768:GbvLDaaMact8TtIgjhn/P2n+cDhTa/cxhFrMhYM/xYOtPqQodSKvZhZrwtpskVYM:evygjNhcOc34WtkMhBS2dzdwZ7eSUI

Score

1^/10

Suspicious use of WriteProcessMemory 7 IoCs

description	pid	Process	procid_target
PID 112 wrote to memory of 1204	112	rundll32.exe	28
PID 112 wrote to memory of 1204	112	rundll32.exe	28
PID 112 wrote to memory of 1204	112	rundll32.exe	28
PID 112 wrote to memory of 1204	112	rundll32.exe	28
PID 112 wrote to memory of 1204	112	rundll32.exe	28
PID 112 wrote to memory of 1204	112	rundll32.exe	28
PID 112 wrote to memory of 1204	112	rundll32.exe	28

C:\Windows\system32\rundll32.exe
rundll32.exe C:\Users\Admin\AppData\Local\Temp\9a8ff37558d679a9f8a03f24faee9cc7c874d31b667ae3bc9f6054c074a0f0fe.dll,#1
1⤵
- Suspicious use of WriteProcessMemory
PID:112
- C:\Windows\SysWOW64\rundll32.exe
  rundll32.exe C:\Users\Admin\AppData\Local\Temp\9a8ff37558d679a9f8a03f24faee9cc7c874d31b667ae3bc9f6054c074a0f0fe.dll,#1
  2⤵
  PID:1204

memory/1204-55-0x0000000075E31000-0x0000000075E33000-memory.dmp

Filesize
8KB

Download