f9c38b91ce167a9fa8b19a75223e9f04325bfc7353e45c8a57022b9140991b3c

Analysis

max time kernel
46s
max time network
34s
platform
windows7_x64
resource
win7-20221111-en
resource tags

arch:x64arch:x86image:win7-20221111-enlocale:en-usos:windows7-x64system
submitted
04/12/2022, 10:48

Target

f9c38b91ce167a9fa8b19a75223e9f04325bfc7353e45c8a57022b9140991b3c.dll
Size

603KB
MD5

bd9754f7b3480cdc86079204fd0cef11
SHA1

5af39b1e28f910eb95dfd55109a2842b989aa255
SHA256

f9c38b91ce167a9fa8b19a75223e9f04325bfc7353e45c8a57022b9140991b3c
SHA512

e24addd562cb76eb43a47d0294e0549d6cef9e9281c22f937debe664f32ec1f13c78092386ad51b4d4ddbcb8d28093b362d8dc7d94d46060db88c70a6e1da059
SSDEEP

12288:eUEKP8lTW2UT5HvCOquNi+VIc5E/2OZwYEtLK:eUEKENWZTRNqufVIx/2zYEtL

Score

1^/10

Suspicious use of WriteProcessMemory 7 IoCs

description	pid	Process	procid_target
PID 2004 wrote to memory of 1984	2004	rundll32.exe	28
PID 2004 wrote to memory of 1984	2004	rundll32.exe	28
PID 2004 wrote to memory of 1984	2004	rundll32.exe	28
PID 2004 wrote to memory of 1984	2004	rundll32.exe	28
PID 2004 wrote to memory of 1984	2004	rundll32.exe	28
PID 2004 wrote to memory of 1984	2004	rundll32.exe	28
PID 2004 wrote to memory of 1984	2004	rundll32.exe	28

C:\Windows\system32\rundll32.exe
rundll32.exe C:\Users\Admin\AppData\Local\Temp\f9c38b91ce167a9fa8b19a75223e9f04325bfc7353e45c8a57022b9140991b3c.dll,#1
1⤵
- Suspicious use of WriteProcessMemory
PID:2004
- C:\Windows\SysWOW64\rundll32.exe
  rundll32.exe C:\Users\Admin\AppData\Local\Temp\f9c38b91ce167a9fa8b19a75223e9f04325bfc7353e45c8a57022b9140991b3c.dll,#1
  2⤵
  PID:1984

memory/1984-55-0x0000000076651000-0x0000000076653000-memory.dmp

Filesize
8KB

Download