61e16a866f9316934faefb7fa63ba00435205a21e9ec62c43d1142d88375043f

Analysis

max time kernel
18s
max time network
46s
platform
windows7_x64
resource
win7-20220812-en
resource tags

arch:x64arch:x86image:win7-20220812-enlocale:en-usos:windows7-x64system
submitted
03-12-2022 10:42

Target

61e16a866f9316934faefb7fa63ba00435205a21e9ec62c43d1142d88375043f.dll
Size

6KB
MD5

b1c49a5424c52c85897baa4fa6bbba20
SHA1

7c4d83b14745ed88954aa89b7687051af11b76be
SHA256

61e16a866f9316934faefb7fa63ba00435205a21e9ec62c43d1142d88375043f
SHA512

09a9f8f478ea950244b9f9f031f6c6b402e16f967ad3024c8d529f4ed5adc203494ce278b590cd427cb2379f3139472d26079e6fd63bfe8bf068a692d433729f
SSDEEP

96:juNrYuJ59oAwGQUI/TQahtCl8X3pSHnmnD7+Xs0:juLJ/oAdQPQa2aeng7+c0

Score

1^/10

Suspicious use of WriteProcessMemory 7 IoCs

description	pid	Process	procid_target
PID 980 wrote to memory of 936	980	rundll32.exe	28
PID 980 wrote to memory of 936	980	rundll32.exe	28
PID 980 wrote to memory of 936	980	rundll32.exe	28
PID 980 wrote to memory of 936	980	rundll32.exe	28
PID 980 wrote to memory of 936	980	rundll32.exe	28
PID 980 wrote to memory of 936	980	rundll32.exe	28
PID 980 wrote to memory of 936	980	rundll32.exe	28

C:\Windows\system32\rundll32.exe
rundll32.exe C:\Users\Admin\AppData\Local\Temp\61e16a866f9316934faefb7fa63ba00435205a21e9ec62c43d1142d88375043f.dll,#1
1⤵
- Suspicious use of WriteProcessMemory
PID:980
- C:\Windows\SysWOW64\rundll32.exe
  rundll32.exe C:\Users\Admin\AppData\Local\Temp\61e16a866f9316934faefb7fa63ba00435205a21e9ec62c43d1142d88375043f.dll,#1
  2⤵
  PID:936

memory/936-54-0x0000000000000000-mapping.dmp

Download
memory/936-55-0x0000000075981000-0x0000000075983000-memory.dmp

Filesize
8KB

Download