fb8d8d1bec925be736792a5960136625ee8c5f429a1e826321a22c94c63152de

Analysis

max time kernel
29s
max time network
35s
platform
windows7_x64
resource
win7-20221111-en
resource tags

arch:x64arch:x86image:win7-20221111-enlocale:en-usos:windows7-x64system
submitted
03/12/2022, 10:17

Target

fb8d8d1bec925be736792a5960136625ee8c5f429a1e826321a22c94c63152de.dll
Size

13KB
MD5

0754944c28c6296b36cb83b934b870a0
SHA1

2f2906e5226435ca358ae4ac9eacbcc668b67097
SHA256

fb8d8d1bec925be736792a5960136625ee8c5f429a1e826321a22c94c63152de
SHA512

3113ee7c2a5f34c94bb81d96234d4c5b1bfbcc45358272e6b54b1a6b3ab115640292360ae616688dad5dfe339a0d435556b1176054a95f041f484cd1c957c564
SSDEEP

192:tueGemJcCM3dwvd0r6xyLFg0KMw6o6CizDR5wtB0ZphbuetCQYC/DnW9R:ttkMNwv/gsMvvS09KetDY0nW9R

Score

4^/10

Drops file in Windows directory 2 IoCs

description	ioc	Process
File created	C:\Windows\comres.dll	rundll32.exe
File opened for modification	C:\Windows\comres.dll	rundll32.exe

Suspicious use of WriteProcessMemory 7 IoCs

description	pid	Process	procid_target
PID 1272 wrote to memory of 968	1272	rundll32.exe	28
PID 1272 wrote to memory of 968	1272	rundll32.exe	28
PID 1272 wrote to memory of 968	1272	rundll32.exe	28
PID 1272 wrote to memory of 968	1272	rundll32.exe	28
PID 1272 wrote to memory of 968	1272	rundll32.exe	28
PID 1272 wrote to memory of 968	1272	rundll32.exe	28
PID 1272 wrote to memory of 968	1272	rundll32.exe	28

C:\Windows\system32\rundll32.exe
rundll32.exe C:\Users\Admin\AppData\Local\Temp\fb8d8d1bec925be736792a5960136625ee8c5f429a1e826321a22c94c63152de.dll,#1
1⤵
- Suspicious use of WriteProcessMemory
PID:1272
- C:\Windows\SysWOW64\rundll32.exe
  rundll32.exe C:\Users\Admin\AppData\Local\Temp\fb8d8d1bec925be736792a5960136625ee8c5f429a1e826321a22c94c63152de.dll,#1
  2⤵
  - Drops file in Windows directory
  PID:968

memory/968-55-0x00000000764C1000-0x00000000764C3000-memory.dmp

Filesize
8KB

Download