9c65b64e09f620994e2970fbbbbcc0d5229e25ec0f3a68af3bb584d88e385499

Analysis

max time kernel
19s
max time network
47s
platform
windows7_x64
resource
win7-20220812-en
resource tags

arch:x64arch:x86image:win7-20220812-enlocale:en-usos:windows7-x64system
submitted
05/12/2022, 11:10

Target

9c65b64e09f620994e2970fbbbbcc0d5229e25ec0f3a68af3bb584d88e385499.dll
Size

58KB
MD5

1b73061afa2bb50d3f4009f8d0b4922f
SHA1

99dac2af1862c76b98915831ba42b2741f49dd0a
SHA256

9c65b64e09f620994e2970fbbbbcc0d5229e25ec0f3a68af3bb584d88e385499
SHA512

7c629ad7f8b08453acab146e0260850e97b8be45c2a7e7c54fdcd8e3c6982f8d19df2b4718e28793ec4de7ad37afe01154d873911b04168500e30ed8367ccb01
SSDEEP

1536:CVsdLLBtg8EZ9SITH/q1aSqZDzOpYt+yelRMu1YSiWz:CVuLLrNge11yDv+yAMMYj8

Score

1^/10

Suspicious use of WriteProcessMemory 7 IoCs

description	pid	Process	procid_target
PID 1756 wrote to memory of 1220	1756	rundll32.exe	27
PID 1756 wrote to memory of 1220	1756	rundll32.exe	27
PID 1756 wrote to memory of 1220	1756	rundll32.exe	27
PID 1756 wrote to memory of 1220	1756	rundll32.exe	27
PID 1756 wrote to memory of 1220	1756	rundll32.exe	27
PID 1756 wrote to memory of 1220	1756	rundll32.exe	27
PID 1756 wrote to memory of 1220	1756	rundll32.exe	27

C:\Windows\system32\rundll32.exe
rundll32.exe C:\Users\Admin\AppData\Local\Temp\9c65b64e09f620994e2970fbbbbcc0d5229e25ec0f3a68af3bb584d88e385499.dll,#1
1⤵
- Suspicious use of WriteProcessMemory
PID:1756
- C:\Windows\SysWOW64\rundll32.exe
  rundll32.exe C:\Users\Admin\AppData\Local\Temp\9c65b64e09f620994e2970fbbbbcc0d5229e25ec0f3a68af3bb584d88e385499.dll,#1
  2⤵
  PID:1220

memory/1220-55-0x0000000075141000-0x0000000075143000-memory.dmp

Filesize
8KB

Download