d27f09772c7d50dc50af28f0d71022c6557c9b9c241268da2576228f4ebff14d

Analysis

max time kernel
231s
max time network
336s
platform
windows7_x64
resource
win7-20221111-en
resource tags

arch:x64arch:x86image:win7-20221111-enlocale:en-usos:windows7-x64system
submitted
04/12/2022, 00:33

Target

d27f09772c7d50dc50af28f0d71022c6557c9b9c241268da2576228f4ebff14d.dll
Size

63KB
MD5

161d444d7177149887194f7e590cdf4b
SHA1

cdb050cac59977e82ba630de53dc9bcbf4d84a3a
SHA256

d27f09772c7d50dc50af28f0d71022c6557c9b9c241268da2576228f4ebff14d
SHA512

da876a65bef3025657688762c8499e4f78b5d85b572dccb4f28ec721643f98c42e4a9acf8cd8e70a604b19b838e4937808169157938ec1f5c47ba5f6cee0e9ee
SSDEEP

1536:DWk1dx+vXe8ogOhf1Q8ElwhVUtjuWLJrzCDvn:SAPm6m8JQuWLJKn

Score

1^/10

Suspicious use of WriteProcessMemory 7 IoCs

description	pid	Process	procid_target
PID 760 wrote to memory of 1464	760	rundll32.exe	28
PID 760 wrote to memory of 1464	760	rundll32.exe	28
PID 760 wrote to memory of 1464	760	rundll32.exe	28
PID 760 wrote to memory of 1464	760	rundll32.exe	28
PID 760 wrote to memory of 1464	760	rundll32.exe	28
PID 760 wrote to memory of 1464	760	rundll32.exe	28
PID 760 wrote to memory of 1464	760	rundll32.exe	28

C:\Windows\system32\rundll32.exe
rundll32.exe C:\Users\Admin\AppData\Local\Temp\d27f09772c7d50dc50af28f0d71022c6557c9b9c241268da2576228f4ebff14d.dll,#1
1⤵
- Suspicious use of WriteProcessMemory
PID:760
- C:\Windows\SysWOW64\rundll32.exe
  rundll32.exe C:\Users\Admin\AppData\Local\Temp\d27f09772c7d50dc50af28f0d71022c6557c9b9c241268da2576228f4ebff14d.dll,#1
  2⤵
  PID:1464

memory/1464-55-0x0000000075831000-0x0000000075833000-memory.dmp

Filesize
8KB

Download