937d2c9aadd69979bcececefd72f7ba7ea8bc233d360b4b6b0068201c7dbd073

Analysis

max time kernel
39s
max time network
34s
platform
windows7_x64
resource
win7-20221111-en
resource tags

arch:x64arch:x86image:win7-20221111-enlocale:en-usos:windows7-x64system
submitted
03/12/2022, 19:44

Target

937d2c9aadd69979bcececefd72f7ba7ea8bc233d360b4b6b0068201c7dbd073.dll
Size

10KB
MD5

828d34f428bf4109cbdc10e964c12776
SHA1

131d9d440ca8038d209e8394af91880acc1d0857
SHA256

937d2c9aadd69979bcececefd72f7ba7ea8bc233d360b4b6b0068201c7dbd073
SHA512

29321996fd9dbf2ea01d1a36b79bb96d1c2a4678431979c569cffe1903b853c3335207b1e25d10b8e428b72b37fd321ba1cf41d19e036925a22fa51a7ec2bf56
SSDEEP

192:qDLw8dHabRDEgtHyl0NSypWak6HVdW3yWak8QjdW3w92b:kldHad/N20IypWak8dWiWak8EdW7

Score

1^/10

Suspicious use of WriteProcessMemory 7 IoCs

description	pid	Process	procid_target
PID 1140 wrote to memory of 996	1140	rundll32.exe	27
PID 1140 wrote to memory of 996	1140	rundll32.exe	27
PID 1140 wrote to memory of 996	1140	rundll32.exe	27
PID 1140 wrote to memory of 996	1140	rundll32.exe	27
PID 1140 wrote to memory of 996	1140	rundll32.exe	27
PID 1140 wrote to memory of 996	1140	rundll32.exe	27
PID 1140 wrote to memory of 996	1140	rundll32.exe	27

C:\Windows\system32\rundll32.exe
rundll32.exe C:\Users\Admin\AppData\Local\Temp\937d2c9aadd69979bcececefd72f7ba7ea8bc233d360b4b6b0068201c7dbd073.dll,#1
1⤵
- Suspicious use of WriteProcessMemory
PID:1140
- C:\Windows\SysWOW64\rundll32.exe
  rundll32.exe C:\Users\Admin\AppData\Local\Temp\937d2c9aadd69979bcececefd72f7ba7ea8bc233d360b4b6b0068201c7dbd073.dll,#1
  2⤵
  PID:996

memory/996-55-0x0000000075DF1000-0x0000000075DF3000-memory.dmp

Filesize
8KB

Download
memory/996-56-0x000000006D991000-0x000000006D993000-memory.dmp

Filesize
8KB

Download