a4f9bb5d2c4d64d47fe4302452c4ce960e69984ba2c2d68481b549c4c9b5ca7c

Analysis

max time kernel
56s
max time network
34s
platform
windows7_x64
resource
win7-20221111-en
resource tags

arch:x64arch:x86image:win7-20221111-enlocale:en-usos:windows7-x64system
submitted
03/12/2022, 08:07

Target

a4f9bb5d2c4d64d47fe4302452c4ce960e69984ba2c2d68481b549c4c9b5ca7c.dll
Size

44KB
MD5

cca444ea4df4c4d9ae0c44472b5f8104
SHA1

6acc2d9da1b78546a70ae6b12ec63f6ec191c1b3
SHA256

a4f9bb5d2c4d64d47fe4302452c4ce960e69984ba2c2d68481b549c4c9b5ca7c
SHA512

86505e40c5284926049763139d10efac6e7787a15efbb4418e54e99d0b1da12e90b339ca6b7e64936469a1502c63e2d3b47b7bb5eef7864b67862a5c17b9ac9b
SSDEEP

384:+2y6K867Tn9i6+Xiyo07PEWUJOoH8HoI0I/YDrtuSAPcWPnovgULnYHK3GcsT:H967Tn91+SjXQoHy7YDrtiPnom5

Score

1^/10

Suspicious behavior: EnumeratesProcesses 2 IoCs

pid	Process
948	rundll32.exe
948	rundll32.exe

Suspicious use of WriteProcessMemory 7 IoCs

description	pid	Process	procid_target
PID 1664 wrote to memory of 948	1664	rundll32.exe	28
PID 1664 wrote to memory of 948	1664	rundll32.exe	28
PID 1664 wrote to memory of 948	1664	rundll32.exe	28
PID 1664 wrote to memory of 948	1664	rundll32.exe	28
PID 1664 wrote to memory of 948	1664	rundll32.exe	28
PID 1664 wrote to memory of 948	1664	rundll32.exe	28
PID 1664 wrote to memory of 948	1664	rundll32.exe	28

C:\Windows\system32\rundll32.exe
rundll32.exe C:\Users\Admin\AppData\Local\Temp\a4f9bb5d2c4d64d47fe4302452c4ce960e69984ba2c2d68481b549c4c9b5ca7c.dll,#1
1⤵
- Suspicious use of WriteProcessMemory
PID:1664
- C:\Windows\SysWOW64\rundll32.exe
  rundll32.exe C:\Users\Admin\AppData\Local\Temp\a4f9bb5d2c4d64d47fe4302452c4ce960e69984ba2c2d68481b549c4c9b5ca7c.dll,#1
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:948

memory/948-55-0x0000000075591000-0x0000000075593000-memory.dmp

Filesize
8KB

Download