f7fd1d6d4239f30266625768e66210ced8699ebee44abe9784195ad6a5996f94

Analysis

max time kernel
43s
max time network
46s
platform
windows7_x64
resource
win7-20220812-en
resource tags

arch:x64arch:x86image:win7-20220812-enlocale:en-usos:windows7-x64system
submitted
04/12/2022, 01:57

Target

f7fd1d6d4239f30266625768e66210ced8699ebee44abe9784195ad6a5996f94.dll
Size

33KB
MD5

86e141f767b833b2acc1a20ce33c1fa0
SHA1

64f6a16ff9ca62ca4a60be26d2d72cb5e2b7a7dd
SHA256

f7fd1d6d4239f30266625768e66210ced8699ebee44abe9784195ad6a5996f94
SHA512

044afeb665f5c63c1691f2275f1bdf70e0404b2d915f48bdc13e95e5902d13159b9b00f68bd2889ad66c2c6b1c7d5691cefd79f1cfab9d71dcdbf88eaa92a641
SSDEEP

768:FWPYvZLnZ0icDVov3Yq7pW/PB7cOkRERz8ckt:cPYvZLnUVOb7pW/GLERz8cS

Score

1^/10

Suspicious use of WriteProcessMemory 7 IoCs

description	pid	Process	procid_target
PID 1372 wrote to memory of 1680	1372	rundll32.exe	28
PID 1372 wrote to memory of 1680	1372	rundll32.exe	28
PID 1372 wrote to memory of 1680	1372	rundll32.exe	28
PID 1372 wrote to memory of 1680	1372	rundll32.exe	28
PID 1372 wrote to memory of 1680	1372	rundll32.exe	28
PID 1372 wrote to memory of 1680	1372	rundll32.exe	28
PID 1372 wrote to memory of 1680	1372	rundll32.exe	28

C:\Windows\system32\rundll32.exe
rundll32.exe C:\Users\Admin\AppData\Local\Temp\f7fd1d6d4239f30266625768e66210ced8699ebee44abe9784195ad6a5996f94.dll,#1
1⤵
- Suspicious use of WriteProcessMemory
PID:1372
- C:\Windows\SysWOW64\rundll32.exe
  rundll32.exe C:\Users\Admin\AppData\Local\Temp\f7fd1d6d4239f30266625768e66210ced8699ebee44abe9784195ad6a5996f94.dll,#1
  2⤵
  PID:1680

memory/1680-55-0x0000000075921000-0x0000000075923000-memory.dmp

Filesize
8KB

Download