9cbd16c4e1328ebd7f0000c32239a868ad8f6533ca01a43aa9933aff270f62cb

Analysis

max time kernel
41s
max time network
47s
platform
windows7_x64
resource
win7-20220812-en
resource tags

arch:x64arch:x86image:win7-20220812-enlocale:en-usos:windows7-x64system
submitted
04/12/2022, 01:15

Target

9cbd16c4e1328ebd7f0000c32239a868ad8f6533ca01a43aa9933aff270f62cb.dll
Size

34KB
MD5

da545aecc01bf82d980f9d875896b95e
SHA1

12f31ccc98d0ed9f20f41e599a537b5df9a370da
SHA256

9cbd16c4e1328ebd7f0000c32239a868ad8f6533ca01a43aa9933aff270f62cb
SHA512

25f5a6ca30f714e408b047fd9f783b019ef68d06919ccceec3f643a5f1aaae6668e23cac5105324f34ae5048ea2a97749143b8b5af00885ef3e655d19f9cb914
SSDEEP

768:GQYIX3x5jZUnlvpsnOSGbfKzXHMRGBM2BBBQARQk66+Ah:DVqnlVGBM2BBBQARz

Score

1^/10

Suspicious use of WriteProcessMemory 7 IoCs

description	pid	Process	procid_target
PID 304 wrote to memory of 1144	304	rundll32.exe	27
PID 304 wrote to memory of 1144	304	rundll32.exe	27
PID 304 wrote to memory of 1144	304	rundll32.exe	27
PID 304 wrote to memory of 1144	304	rundll32.exe	27
PID 304 wrote to memory of 1144	304	rundll32.exe	27
PID 304 wrote to memory of 1144	304	rundll32.exe	27
PID 304 wrote to memory of 1144	304	rundll32.exe	27

C:\Windows\system32\rundll32.exe
rundll32.exe C:\Users\Admin\AppData\Local\Temp\9cbd16c4e1328ebd7f0000c32239a868ad8f6533ca01a43aa9933aff270f62cb.dll,#1
1⤵
- Suspicious use of WriteProcessMemory
PID:304
- C:\Windows\SysWOW64\rundll32.exe
  rundll32.exe C:\Users\Admin\AppData\Local\Temp\9cbd16c4e1328ebd7f0000c32239a868ad8f6533ca01a43aa9933aff270f62cb.dll,#1
  2⤵
  PID:1144

memory/1144-55-0x0000000074C91000-0x0000000074C93000-memory.dmp

Filesize
8KB

Download