9b60b80f038d8394cc05ae173000b4c8c4becd16ef55fa4ae9adf307036bcb90

Analysis

max time kernel
9s
max time network
46s
platform
windows7_x64
resource
win7-20220812-en
resource tags

arch:x64arch:x86image:win7-20220812-enlocale:en-usos:windows7-x64system
submitted
04-12-2022 04:42

Target

9b60b80f038d8394cc05ae173000b4c8c4becd16ef55fa4ae9adf307036bcb90.dll
Size

176KB
MD5

5e26b2421f0de0d68ec331c2e6027169
SHA1

a36ef60221f515a5177ecfb1b040a3ad9d4eb138
SHA256

9b60b80f038d8394cc05ae173000b4c8c4becd16ef55fa4ae9adf307036bcb90
SHA512

075591524d89c402e1be598ee74d28951d14cbf9a9e87a349b7015357f28230da6c70270c715c06c16027aa5d4b29b541b3420e097ab2849f38d8d6af2ae9537
SSDEEP

3072:vUBJpspCjvFwU5nqI+oMNDszsJd6nluqKfrf+OJ0NwDFTa:vUBbCcdwUlqI+vizYa6

Score

1^/10

Suspicious use of WriteProcessMemory 7 IoCs

description	pid	Process	procid_target
PID 1120 wrote to memory of 1776	1120	rundll32.exe	27
PID 1120 wrote to memory of 1776	1120	rundll32.exe	27
PID 1120 wrote to memory of 1776	1120	rundll32.exe	27
PID 1120 wrote to memory of 1776	1120	rundll32.exe	27
PID 1120 wrote to memory of 1776	1120	rundll32.exe	27
PID 1120 wrote to memory of 1776	1120	rundll32.exe	27
PID 1120 wrote to memory of 1776	1120	rundll32.exe	27

C:\Windows\system32\rundll32.exe
rundll32.exe C:\Users\Admin\AppData\Local\Temp\9b60b80f038d8394cc05ae173000b4c8c4becd16ef55fa4ae9adf307036bcb90.dll,#1
1⤵
- Suspicious use of WriteProcessMemory
PID:1120
- C:\Windows\SysWOW64\rundll32.exe
  rundll32.exe C:\Users\Admin\AppData\Local\Temp\9b60b80f038d8394cc05ae173000b4c8c4becd16ef55fa4ae9adf307036bcb90.dll,#1
  2⤵
  PID:1776

memory/1776-55-0x0000000075DF1000-0x0000000075DF3000-memory.dmp

Filesize
8KB

Download