b60ea512fa0e2d065f5484c636e89597bb75e6b6cd8c5653e8f985208c17aebb

Analysis

max time kernel
36s
max time network
45s
platform
windows7_x64
resource
win7-20220812-en
resource tags

arch:x64arch:x86image:win7-20220812-enlocale:en-usos:windows7-x64system
submitted
03-12-2022 06:51

Target

b60ea512fa0e2d065f5484c636e89597bb75e6b6cd8c5653e8f985208c17aebb.dll
Size

137KB
MD5

4aeae237e224a1f7b94b261691c8ba30
SHA1

69085a3e8ba9f59ecea224c2c11b74ed6d3027ab
SHA256

b60ea512fa0e2d065f5484c636e89597bb75e6b6cd8c5653e8f985208c17aebb
SHA512

a91e81f4a1375e254aa91dbfd6e5162dba1bfeeaae96a4df3ae7afff57de8bbdf162eae7167e103e4b095a002a0851e736b4d3391fadca67967e1d3a0f90b457
SSDEEP

3072:q8wA0TMD5Dqg0yN1nvAANSw8ltWoihGCyMOLySWst+fXxl0ILV:q8w6D4Kotup0LWI+f9

Score

1^/10

Suspicious use of WriteProcessMemory 7 IoCs

description	pid	Process	procid_target
PID 1112 wrote to memory of 1384	1112	rundll32.exe	26
PID 1112 wrote to memory of 1384	1112	rundll32.exe	26
PID 1112 wrote to memory of 1384	1112	rundll32.exe	26
PID 1112 wrote to memory of 1384	1112	rundll32.exe	26
PID 1112 wrote to memory of 1384	1112	rundll32.exe	26
PID 1112 wrote to memory of 1384	1112	rundll32.exe	26
PID 1112 wrote to memory of 1384	1112	rundll32.exe	26

C:\Windows\system32\rundll32.exe
rundll32.exe C:\Users\Admin\AppData\Local\Temp\b60ea512fa0e2d065f5484c636e89597bb75e6b6cd8c5653e8f985208c17aebb.dll,#1
1⤵
- Suspicious use of WriteProcessMemory
PID:1112
- C:\Windows\SysWOW64\rundll32.exe
  rundll32.exe C:\Users\Admin\AppData\Local\Temp\b60ea512fa0e2d065f5484c636e89597bb75e6b6cd8c5653e8f985208c17aebb.dll,#1
  2⤵
  PID:1384

memory/1384-55-0x0000000075351000-0x0000000075353000-memory.dmp

Filesize
8KB

Download
memory/1384-56-0x0000000000160000-0x000000000018B000-memory.dmp

Filesize
172KB

Download