bf2f53105b8c88fac4c956fb6d2b75a1aa624eeff0b9d86963cd02df400cf9da

Analysis

max time kernel
41s
max time network
31s
platform
windows7_x64
resource
win7-20221111-en
resource tags

arch:x64arch:x86image:win7-20221111-enlocale:en-usos:windows7-x64system
submitted
05-12-2022 13:23

Target

bf2f53105b8c88fac4c956fb6d2b75a1aa624eeff0b9d86963cd02df400cf9da.dll
Size

139KB
MD5

61c204d445e59646be94ef3cb1064672
SHA1

6d3917b9df2c59eaa28c0630c8ef18b65a627180
SHA256

bf2f53105b8c88fac4c956fb6d2b75a1aa624eeff0b9d86963cd02df400cf9da
SHA512

30a744b06f1540e861a03e46b5a64d1da0f57f8f97eb6cd3e09fd722afc0d40a270f362fc9c236d7660fd04792cd2546caab8d24efd00e5e038210032f5a380a
SSDEEP

3072:WuGBDCFRzOt1xCXXObtgzWyb2IAAfjSzPrMs0:4B2dOt1EX4gBreTr/

Score

1^/10

Suspicious use of WriteProcessMemory 7 IoCs

description	pid	Process	procid_target
PID 624 wrote to memory of 1392	624	rundll32.exe	16
PID 624 wrote to memory of 1392	624	rundll32.exe	16
PID 624 wrote to memory of 1392	624	rundll32.exe	16
PID 624 wrote to memory of 1392	624	rundll32.exe	16
PID 624 wrote to memory of 1392	624	rundll32.exe	16
PID 624 wrote to memory of 1392	624	rundll32.exe	16
PID 624 wrote to memory of 1392	624	rundll32.exe	16

C:\Windows\system32\rundll32.exe
rundll32.exe C:\Users\Admin\AppData\Local\Temp\bf2f53105b8c88fac4c956fb6d2b75a1aa624eeff0b9d86963cd02df400cf9da.dll,#1
1⤵
- Suspicious use of WriteProcessMemory
PID:624
- C:\Windows\SysWOW64\rundll32.exe
  rundll32.exe C:\Users\Admin\AppData\Local\Temp\bf2f53105b8c88fac4c956fb6d2b75a1aa624eeff0b9d86963cd02df400cf9da.dll,#1
  2⤵
  PID:1392

memory/1392-54-0x0000000000000000-mapping.dmp

Download
memory/1392-55-0x00000000766F1000-0x00000000766F3000-memory.dmp

Filesize
8KB

Download
memory/1392-56-0x0000000010000000-0x0000000010026000-memory.dmp

Filesize
152KB

Download
memory/1392-57-0x0000000010000000-0x0000000010026000-memory.dmp

Filesize
152KB

Download