fdd2cdf02bec4568a5b4eade84988d3fc12ee46636ba2fc8d5379dfe4733f973

Analysis

max time kernel
47s
max time network
53s
platform
windows7_x64
resource
win7-20220901-en
resource tags

arch:x64arch:x86image:win7-20220901-enlocale:en-usos:windows7-x64system
submitted
04-12-2022 01:50

Target

fdd2cdf02bec4568a5b4eade84988d3fc12ee46636ba2fc8d5379dfe4733f973.dll
Size

32KB
MD5

1681ba289b411c6ed42a82cc639fa290
SHA1

12ec4a49c4efbc4b11a926939a942a873cd85ca4
SHA256

fdd2cdf02bec4568a5b4eade84988d3fc12ee46636ba2fc8d5379dfe4733f973
SHA512

3f27dc032150b9e06475f8e013f87f5ba9be9326be938676e9b46a7b2cca4e08e0f80479410d6516c44a1c048fc433e6a89aaa80ac01c0288a032a553b7c1423
SSDEEP

768:MMhqpHLSlNb31pbNG7v6fbZOVOQKTRqMuBkK:1qpA1pQ7ifbK2RqMuBd

Score

1^/10

Suspicious use of WriteProcessMemory 7 IoCs

description	pid	Process	procid_target
PID 1376 wrote to memory of 840	1376	rundll32.exe	26
PID 1376 wrote to memory of 840	1376	rundll32.exe	26
PID 1376 wrote to memory of 840	1376	rundll32.exe	26
PID 1376 wrote to memory of 840	1376	rundll32.exe	26
PID 1376 wrote to memory of 840	1376	rundll32.exe	26
PID 1376 wrote to memory of 840	1376	rundll32.exe	26
PID 1376 wrote to memory of 840	1376	rundll32.exe	26

C:\Windows\system32\rundll32.exe
rundll32.exe C:\Users\Admin\AppData\Local\Temp\fdd2cdf02bec4568a5b4eade84988d3fc12ee46636ba2fc8d5379dfe4733f973.dll,#1
1⤵
- Suspicious use of WriteProcessMemory
PID:1376
- C:\Windows\SysWOW64\rundll32.exe
  rundll32.exe C:\Users\Admin\AppData\Local\Temp\fdd2cdf02bec4568a5b4eade84988d3fc12ee46636ba2fc8d5379dfe4733f973.dll,#1
  2⤵
  PID:840

memory/840-55-0x0000000075091000-0x0000000075093000-memory.dmp

Filesize
8KB

Download