d0b82272d47fa30e4294896429a61f6df5e05b7e60c14ad73e99ac83d986386d

Analysis

max time kernel
40s
max time network
33s
platform
windows7_x64
resource
win7-20221111-en
resource tags

arch:x64arch:x86image:win7-20221111-enlocale:en-usos:windows7-x64system
submitted
04/12/2022, 07:21

Target

d0b82272d47fa30e4294896429a61f6df5e05b7e60c14ad73e99ac83d986386d.dll
Size

60KB
MD5

3dcae4e2165cecfcdce135e417e280f2
SHA1

17c85ba7abb3af572482a1312a9d495d67225622
SHA256

d0b82272d47fa30e4294896429a61f6df5e05b7e60c14ad73e99ac83d986386d
SHA512

35181ab424cb72c4372b0a49c8fdff969fd4f4d0317103bfe93761586cfef379e90660fd5c0d763b739b69fad7ee1e624843b751c6d557edb8a87dabd184ed5c
SSDEEP

1536:XD5BkBpwhlRHXd38FPIvIFnToIfWAh+Ar5Z2xCG:XVazFPIQtTBfZh+Ar5Z2xC

Score

1^/10

Suspicious use of WriteProcessMemory 7 IoCs

description	pid	Process	procid_target
PID 1544 wrote to memory of 1536	1544	rundll32.exe	28
PID 1544 wrote to memory of 1536	1544	rundll32.exe	28
PID 1544 wrote to memory of 1536	1544	rundll32.exe	28
PID 1544 wrote to memory of 1536	1544	rundll32.exe	28
PID 1544 wrote to memory of 1536	1544	rundll32.exe	28
PID 1544 wrote to memory of 1536	1544	rundll32.exe	28
PID 1544 wrote to memory of 1536	1544	rundll32.exe	28

C:\Windows\system32\rundll32.exe
rundll32.exe C:\Users\Admin\AppData\Local\Temp\d0b82272d47fa30e4294896429a61f6df5e05b7e60c14ad73e99ac83d986386d.dll,#1
1⤵
- Suspicious use of WriteProcessMemory
PID:1544
- C:\Windows\SysWOW64\rundll32.exe
  rundll32.exe C:\Users\Admin\AppData\Local\Temp\d0b82272d47fa30e4294896429a61f6df5e05b7e60c14ad73e99ac83d986386d.dll,#1
  2⤵
  PID:1536

memory/1536-55-0x00000000764C1000-0x00000000764C3000-memory.dmp

Filesize
8KB

Download