c9cac1e238af47daac4679fc18563b64ad08d09c1b5ef8732ef65c16ab91fe0c

Analysis

max time kernel
36s
max time network
41s
platform
windows7_x64
resource
win7-20220812-en
resource tags

arch:x64arch:x86image:win7-20220812-enlocale:en-usos:windows7-x64system
submitted
05/12/2022, 05:57

Target

c9cac1e238af47daac4679fc18563b64ad08d09c1b5ef8732ef65c16ab91fe0c.dll
Size

7KB
MD5

a621deb03d294360c6c8ca7010d6b530
SHA1

467e8177ffcefeef919298e4ed4306dd37329319
SHA256

c9cac1e238af47daac4679fc18563b64ad08d09c1b5ef8732ef65c16ab91fe0c
SHA512

2bfbc7c7778088c45107911f1c8f5e1ffd6cf29460834181df5d57c5e94eddd408675ec9583b1f3e749754fe58368ef808c46474f751f89682c59c9d959c9037
SSDEEP

192:OrIQUA/Rvz6VkaAXHAv4aGH4fDtTkLIWZC:Orv+VpaQX+C

Score

1^/10

Suspicious use of WriteProcessMemory 7 IoCs

description	pid	Process	procid_target
PID 1192 wrote to memory of 1400	1192	rundll32.exe	27
PID 1192 wrote to memory of 1400	1192	rundll32.exe	27
PID 1192 wrote to memory of 1400	1192	rundll32.exe	27
PID 1192 wrote to memory of 1400	1192	rundll32.exe	27
PID 1192 wrote to memory of 1400	1192	rundll32.exe	27
PID 1192 wrote to memory of 1400	1192	rundll32.exe	27
PID 1192 wrote to memory of 1400	1192	rundll32.exe	27

C:\Windows\system32\rundll32.exe
rundll32.exe C:\Users\Admin\AppData\Local\Temp\c9cac1e238af47daac4679fc18563b64ad08d09c1b5ef8732ef65c16ab91fe0c.dll,#1
1⤵
- Suspicious use of WriteProcessMemory
PID:1192
- C:\Windows\SysWOW64\rundll32.exe
  rundll32.exe C:\Users\Admin\AppData\Local\Temp\c9cac1e238af47daac4679fc18563b64ad08d09c1b5ef8732ef65c16ab91fe0c.dll,#1
  2⤵
  PID:1400

memory/1400-55-0x0000000076701000-0x0000000076703000-memory.dmp

Filesize
8KB

Download