9b073d823c2b996c202a78f9459c56fc0e5ded07672ebc20892c84398d12b839

Analysis

max time kernel
63s
max time network
31s
platform
windows7_x64
resource
win7-20221111-en
resource tags

arch:x64arch:x86image:win7-20221111-enlocale:en-usos:windows7-x64system
submitted
05/12/2022, 11:20

Target

9b073d823c2b996c202a78f9459c56fc0e5ded07672ebc20892c84398d12b839.dll
Size

124KB
MD5

1663b0ac575fd17d93ccc69073b0cb10
SHA1

6dde0404ec24a388ca4f44a703728da7abe2054a
SHA256

9b073d823c2b996c202a78f9459c56fc0e5ded07672ebc20892c84398d12b839
SHA512

aac5f94306c8e9f73a7c9185c7217fffaf973640de1f3078ded7adbddf8b82314671565600d10297ae50e885e99899702aec5e5a713c97db5e7e1c9d4551a870
SSDEEP

3072:Z8sDGD4xm08ACF5jmlw4QwKh7jbsKjSgrtC:Z8swp085nqu4UhLsK/rtC

Score

1^/10

Suspicious behavior: EnumeratesProcesses 13 IoCs

Suspicious use of WriteProcessMemory 7 IoCs

description	pid	Process	procid_target
PID 2000 wrote to memory of 1992	2000	rundll32.exe	28
PID 2000 wrote to memory of 1992	2000	rundll32.exe	28
PID 2000 wrote to memory of 1992	2000	rundll32.exe	28
PID 2000 wrote to memory of 1992	2000	rundll32.exe	28
PID 2000 wrote to memory of 1992	2000	rundll32.exe	28
PID 2000 wrote to memory of 1992	2000	rundll32.exe	28
PID 2000 wrote to memory of 1992	2000	rundll32.exe	28

C:\Windows\system32\rundll32.exe
rundll32.exe C:\Users\Admin\AppData\Local\Temp\9b073d823c2b996c202a78f9459c56fc0e5ded07672ebc20892c84398d12b839.dll,#1
1⤵
- Suspicious use of WriteProcessMemory
PID:2000
- C:\Windows\SysWOW64\rundll32.exe
  rundll32.exe C:\Users\Admin\AppData\Local\Temp\9b073d823c2b996c202a78f9459c56fc0e5ded07672ebc20892c84398d12b839.dll,#1
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:1992

memory/1992-55-0x0000000075531000-0x0000000075533000-memory.dmp

Filesize
8KB

Download
memory/1992-56-0x0000000010000000-0x0000000010143000-memory.dmp

Filesize
1.3MB

Download
memory/1992-57-0x0000000010000000-0x0000000010143000-memory.dmp

Filesize
1.3MB

Download