bb47f558d7d21602d571a1fbfa82060f202b9d8314595bd3aa8f50f70916d998

Analysis

max time kernel
20s
max time network
31s
platform
windows7_x64
resource
win7-20221111-en
resource tags

arch:x64arch:x86image:win7-20221111-enlocale:en-usos:windows7-x64system
submitted
05/12/2022, 07:37 UTC

Target

bb47f558d7d21602d571a1fbfa82060f202b9d8314595bd3aa8f50f70916d998.dll
Size

25KB
MD5

389e567712c4d6fb2bee03fdb6bce6db
SHA1

69350cd869ecd93a025d419e4800a4e576080c1c
SHA256

bb47f558d7d21602d571a1fbfa82060f202b9d8314595bd3aa8f50f70916d998
SHA512

6b2744fafab07315817aac2bf5ed653a4448aee6c902e10c7a438754690a19387c643ed18e35b06fe7ac875a702e6b318c3c83275eb79a02351f097c4453f70a
SSDEEP

768:rxmWnNKqJgEd4wRejWPYBZs1ijS2lq31s:rxmWNHJR4QeckXjS2li1s

Score

1^/10

Suspicious use of WriteProcessMemory 7 IoCs

description	pid	Process	procid_target
PID 956 wrote to memory of 1972	956	rundll32.exe	28
PID 956 wrote to memory of 1972	956	rundll32.exe	28
PID 956 wrote to memory of 1972	956	rundll32.exe	28
PID 956 wrote to memory of 1972	956	rundll32.exe	28
PID 956 wrote to memory of 1972	956	rundll32.exe	28
PID 956 wrote to memory of 1972	956	rundll32.exe	28
PID 956 wrote to memory of 1972	956	rundll32.exe	28

C:\Windows\system32\rundll32.exe
rundll32.exe C:\Users\Admin\AppData\Local\Temp\bb47f558d7d21602d571a1fbfa82060f202b9d8314595bd3aa8f50f70916d998.dll,#1
1⤵
- Suspicious use of WriteProcessMemory
PID:956
- C:\Windows\SysWOW64\rundll32.exe
  rundll32.exe C:\Users\Admin\AppData\Local\Temp\bb47f558d7d21602d571a1fbfa82060f202b9d8314595bd3aa8f50f70916d998.dll,#1
  2⤵
  PID:1972

memory/1972-55-0x0000000075701000-0x0000000075703000-memory.dmp

Filesize
8KB

Download
memory/1972-56-0x0000000010000000-0x0000000010012000-memory.dmp

Filesize
72KB

Download