86396dd260c7f985fabd60b5e56eb935534478a60ed8e5631d82138cc54507d7

Analysis

max time kernel
37s
max time network
45s
platform
windows7_x64
resource
win7-20220812-en
resource tags

arch:x64arch:x86image:win7-20220812-enlocale:en-usos:windows7-x64system
submitted
05-12-2022 11:44

Target

86396dd260c7f985fabd60b5e56eb935534478a60ed8e5631d82138cc54507d7.dll
Size

4KB
MD5

8281a6a14f61bc2dd9ae0672796d51a0
SHA1

0b0f74f7387f4fecb32c9fcfa722e430228fce46
SHA256

86396dd260c7f985fabd60b5e56eb935534478a60ed8e5631d82138cc54507d7
SHA512

058132031c1548aa7f3f96c0b14e2081fdb4c5ca3d726752184705fd26a479a365f056074d8a89b575ecdd07726eb228e2cdbc15cc4d527aee1c62fa548259d0
SSDEEP

48:q0Z48j1gA5YHofrhWR0/iIsipbYtDfXgOrnsB/S+0cmXr567Xa:1tRn5cofrY06I/VY1no0Vlb

Score

1^/10

Suspicious use of WriteProcessMemory 7 IoCs

description	pid	Process	procid_target
PID 1816 wrote to memory of 280	1816	rundll32.exe	27
PID 1816 wrote to memory of 280	1816	rundll32.exe	27
PID 1816 wrote to memory of 280	1816	rundll32.exe	27
PID 1816 wrote to memory of 280	1816	rundll32.exe	27
PID 1816 wrote to memory of 280	1816	rundll32.exe	27
PID 1816 wrote to memory of 280	1816	rundll32.exe	27
PID 1816 wrote to memory of 280	1816	rundll32.exe	27

C:\Windows\system32\rundll32.exe
rundll32.exe C:\Users\Admin\AppData\Local\Temp\86396dd260c7f985fabd60b5e56eb935534478a60ed8e5631d82138cc54507d7.dll,#1
1⤵
- Suspicious use of WriteProcessMemory
PID:1816
- C:\Windows\SysWOW64\rundll32.exe
  rundll32.exe C:\Users\Admin\AppData\Local\Temp\86396dd260c7f985fabd60b5e56eb935534478a60ed8e5631d82138cc54507d7.dll,#1
  2⤵
  PID:280

memory/280-55-0x00000000756A1000-0x00000000756A3000-memory.dmp

Filesize
8KB

Download