9a6bdf8134293bde4acfbd8f0de46c24051b6b7fd5fbcf83aebde3cef409e419

Analysis

max time kernel
41s
max time network
46s
platform
windows7_x64
resource
win7-20220812-en
resource tags

arch:x64arch:x86image:win7-20220812-enlocale:en-usos:windows7-x64system
submitted
05/12/2022, 11:26

Target

9a6bdf8134293bde4acfbd8f0de46c24051b6b7fd5fbcf83aebde3cef409e419.dll
Size

172KB
MD5

3e3dd691c6a99b0127dd43953210503d
SHA1

d436c981b3fc07aafeebc5e9774da41a6f9249ba
SHA256

9a6bdf8134293bde4acfbd8f0de46c24051b6b7fd5fbcf83aebde3cef409e419
SHA512

6be40b0f3f688b1eb7982c9ee40f8bc9edf62b2558317c4633c7aeb98035ad68eb9fcaa3d65b488af03e5a2e1501620c56d85c13543e75aa98e36306475c21d4
SSDEEP

3072:5/NrMHpfUkW+AvBMG6G38ZIVOd42ne/X9bh736IvRKQ5Qs:ZdMJ8kW+AvBMG6G38m4T+9t1vRHQs

Score

1^/10

Suspicious use of WriteProcessMemory 7 IoCs

description	pid	Process	procid_target
PID 948 wrote to memory of 1236	948	rundll32.exe	27
PID 948 wrote to memory of 1236	948	rundll32.exe	27
PID 948 wrote to memory of 1236	948	rundll32.exe	27
PID 948 wrote to memory of 1236	948	rundll32.exe	27
PID 948 wrote to memory of 1236	948	rundll32.exe	27
PID 948 wrote to memory of 1236	948	rundll32.exe	27
PID 948 wrote to memory of 1236	948	rundll32.exe	27

C:\Windows\system32\rundll32.exe
rundll32.exe C:\Users\Admin\AppData\Local\Temp\9a6bdf8134293bde4acfbd8f0de46c24051b6b7fd5fbcf83aebde3cef409e419.dll,#1
1⤵
- Suspicious use of WriteProcessMemory
PID:948
- C:\Windows\SysWOW64\rundll32.exe
  rundll32.exe C:\Users\Admin\AppData\Local\Temp\9a6bdf8134293bde4acfbd8f0de46c24051b6b7fd5fbcf83aebde3cef409e419.dll,#1
  2⤵
  PID:1236

memory/1236-55-0x0000000075141000-0x0000000075143000-memory.dmp

Filesize
8KB

Download