c61599f95c0f91375d800bd7b8a0d956e0f199ccc54f945b5c00f960a09a2bca

Analysis

max time kernel
22s
max time network
45s
platform
windows7_x64
resource
win7-20220812-en
resource tags

arch:x64arch:x86image:win7-20220812-enlocale:en-usos:windows7-x64system
submitted
04-12-2022 14:31

Target

c61599f95c0f91375d800bd7b8a0d956e0f199ccc54f945b5c00f960a09a2bca.dll
Size

7KB
MD5

b9e3b76bf12f0baa68c54efd2ec36a60
SHA1

4786d4a9d8d8663f7682119cee76845ce40de717
SHA256

c61599f95c0f91375d800bd7b8a0d956e0f199ccc54f945b5c00f960a09a2bca
SHA512

7496cddc502e3866e6d6ff65aee51cfc4b577960bd7d8b477bd87a750a2495e9346ebcb358b044e5232dad960eb114fe4ebc19301efab2b94e7b9a8d59b9320e
SSDEEP

96:z0WgPtJrYHVjGwd+SPgOPRKe08GBJanzqgnYVbFPnveFPapgI2XLO:SoiS+OPRKp8X+gsBGVayLO

Score

1^/10

Suspicious use of WriteProcessMemory 7 IoCs

description	pid	Process	procid_target
PID 1340 wrote to memory of 1736	1340	rundll32.exe	28
PID 1340 wrote to memory of 1736	1340	rundll32.exe	28
PID 1340 wrote to memory of 1736	1340	rundll32.exe	28
PID 1340 wrote to memory of 1736	1340	rundll32.exe	28
PID 1340 wrote to memory of 1736	1340	rundll32.exe	28
PID 1340 wrote to memory of 1736	1340	rundll32.exe	28
PID 1340 wrote to memory of 1736	1340	rundll32.exe	28

C:\Windows\system32\rundll32.exe
rundll32.exe C:\Users\Admin\AppData\Local\Temp\c61599f95c0f91375d800bd7b8a0d956e0f199ccc54f945b5c00f960a09a2bca.dll,#1
1⤵
- Suspicious use of WriteProcessMemory
PID:1340
- C:\Windows\SysWOW64\rundll32.exe
  rundll32.exe C:\Users\Admin\AppData\Local\Temp\c61599f95c0f91375d800bd7b8a0d956e0f199ccc54f945b5c00f960a09a2bca.dll,#1
  2⤵
  PID:1736

memory/1736-54-0x0000000000000000-mapping.dmp

Download
memory/1736-55-0x0000000076411000-0x0000000076413000-memory.dmp

Filesize
8KB

Download