bdf19a00de5b44a5520a70992b16e15bf2df34bdf96b7aae78d8e7c91194d7b8

Analysis

max time kernel
2s
max time network
32s
platform
windows7_x64
resource
win7-20221111-en
resource tags

arch:x64arch:x86image:win7-20221111-enlocale:en-usos:windows7-x64system
submitted
05/12/2022, 11:30

Target

bdf19a00de5b44a5520a70992b16e15bf2df34bdf96b7aae78d8e7c91194d7b8.dll
Size

7KB
MD5

cbcec5aa2545f27b76d765586a7f4fa0
SHA1

a096f5c7e6bb47327a711b2baa6167724ce62755
SHA256

bdf19a00de5b44a5520a70992b16e15bf2df34bdf96b7aae78d8e7c91194d7b8
SHA512

c80d631115b627ff98dc5534e87f5be7656f82863b3c8f56b444a9d5cbd921330c80f3704f4d3e8c2ec08f3fc74fcfb2d4eb7e3ba4d0e02c65d7b47a50097141
SSDEEP

96:DixZjmjtjd8jPjcZGR5TIRvJJoiCeCfeAMxE/kJm33YP6qXZj0kP:unSR6bgYAAiCeCfMxE/APzXZj

Score

1^/10

Suspicious use of WriteProcessMemory 7 IoCs

description	pid	Process	procid_target
PID 1404 wrote to memory of 2044	1404	rundll32.exe	28
PID 1404 wrote to memory of 2044	1404	rundll32.exe	28
PID 1404 wrote to memory of 2044	1404	rundll32.exe	28
PID 1404 wrote to memory of 2044	1404	rundll32.exe	28
PID 1404 wrote to memory of 2044	1404	rundll32.exe	28
PID 1404 wrote to memory of 2044	1404	rundll32.exe	28
PID 1404 wrote to memory of 2044	1404	rundll32.exe	28

C:\Windows\system32\rundll32.exe
rundll32.exe C:\Users\Admin\AppData\Local\Temp\bdf19a00de5b44a5520a70992b16e15bf2df34bdf96b7aae78d8e7c91194d7b8.dll,#1
1⤵
- Suspicious use of WriteProcessMemory
PID:1404
- C:\Windows\SysWOW64\rundll32.exe
  rundll32.exe C:\Users\Admin\AppData\Local\Temp\bdf19a00de5b44a5520a70992b16e15bf2df34bdf96b7aae78d8e7c91194d7b8.dll,#1
  2⤵
  PID:2044

memory/2044-55-0x0000000075881000-0x0000000075883000-memory.dmp

Filesize
8KB

Download