c9054cf1a16e550ddd2cf1d9eea8552de7c600714cb6557c88a22a2a958e562c

Analysis

max time kernel
42s
max time network
46s
platform
windows7_x64
resource
win7-20220812-en
resource tags

arch:x64arch:x86image:win7-20220812-enlocale:en-usos:windows7-x64system
submitted
05/12/2022, 12:10

Target

c9054cf1a16e550ddd2cf1d9eea8552de7c600714cb6557c88a22a2a958e562c.dll
Size

86KB
MD5

60b71f8c5b3cc8deeb031b970606dac3
SHA1

ae28d5b1ac9a534d23cfcde13de835c3b4829883
SHA256

c9054cf1a16e550ddd2cf1d9eea8552de7c600714cb6557c88a22a2a958e562c
SHA512

840bef27d37161eff1716538d335ab5262c43617a3468956adade9b1a5dd7304fd0d5e1627289b5465ceca61e0ec314da616e0c05556271308e15eee6569735b
SSDEEP

1536:PgcY0GyJc/a0N/aySKCZ5Xg+AKOSa5TernrVqA2mBPhE5rHC0rfbCod879W:PgcY0NJc/a0NSySKOXgBKSVmJhmjC0LD

Score

1^/10

Suspicious use of WriteProcessMemory 7 IoCs

description	pid	Process	procid_target
PID 900 wrote to memory of 780	900	rundll32.exe	27
PID 900 wrote to memory of 780	900	rundll32.exe	27
PID 900 wrote to memory of 780	900	rundll32.exe	27
PID 900 wrote to memory of 780	900	rundll32.exe	27
PID 900 wrote to memory of 780	900	rundll32.exe	27
PID 900 wrote to memory of 780	900	rundll32.exe	27
PID 900 wrote to memory of 780	900	rundll32.exe	27

C:\Windows\system32\rundll32.exe
rundll32.exe C:\Users\Admin\AppData\Local\Temp\c9054cf1a16e550ddd2cf1d9eea8552de7c600714cb6557c88a22a2a958e562c.dll,#1
1⤵
- Suspicious use of WriteProcessMemory
PID:900
- C:\Windows\SysWOW64\rundll32.exe
  rundll32.exe C:\Users\Admin\AppData\Local\Temp\c9054cf1a16e550ddd2cf1d9eea8552de7c600714cb6557c88a22a2a958e562c.dll,#1
  2⤵
  PID:780

memory/780-55-0x0000000076121000-0x0000000076123000-memory.dmp

Filesize
8KB

Download