f66aeb19f3ca5736f4be03afce14f0881d3b5619af00de616be2c7f3516da14b

Analysis

max time kernel
46s
max time network
52s
platform
windows7_x64
resource
win7-20220901-en
resource tags

arch:x64arch:x86image:win7-20220901-enlocale:en-usos:windows7-x64system
submitted
04/12/2022, 11:12

Target

f66aeb19f3ca5736f4be03afce14f0881d3b5619af00de616be2c7f3516da14b.dll
Size

33KB
MD5

4eb081fcbeb55a47d35154eae9d03246
SHA1

9ce6d1285e98ad60ec7875ea4f03030186aea9f5
SHA256

f66aeb19f3ca5736f4be03afce14f0881d3b5619af00de616be2c7f3516da14b
SHA512

f7300c240ea4b8973b0d05dfc1bfc896b3d5eccac53f3a8b9fe6f47d8a6c529a5d8677bdf90451560cb30918bbfad140cbda2715fb8be37ae3cb0c1c39e4c76b
SSDEEP

384:rbm2H7KLvJHFdd9ucDSkz/9SrOhMpPHZFVuq5XQWX401Cl4NrDMnuICyRdekB:fhbkJ/d9usSW/9OSKPpPXQSU2DMnp3d9

Score

1^/10

Suspicious use of WriteProcessMemory 7 IoCs

description	pid	Process	procid_target
PID 960 wrote to memory of 628	960	rundll32.exe	27
PID 960 wrote to memory of 628	960	rundll32.exe	27
PID 960 wrote to memory of 628	960	rundll32.exe	27
PID 960 wrote to memory of 628	960	rundll32.exe	27
PID 960 wrote to memory of 628	960	rundll32.exe	27
PID 960 wrote to memory of 628	960	rundll32.exe	27
PID 960 wrote to memory of 628	960	rundll32.exe	27

C:\Windows\system32\rundll32.exe
rundll32.exe C:\Users\Admin\AppData\Local\Temp\f66aeb19f3ca5736f4be03afce14f0881d3b5619af00de616be2c7f3516da14b.dll,#1
1⤵
- Suspicious use of WriteProcessMemory
PID:960
- C:\Windows\SysWOW64\rundll32.exe
  rundll32.exe C:\Users\Admin\AppData\Local\Temp\f66aeb19f3ca5736f4be03afce14f0881d3b5619af00de616be2c7f3516da14b.dll,#1
  2⤵
  PID:628

memory/628-55-0x00000000757A1000-0x00000000757A3000-memory.dmp

Filesize
8KB

Download