60b07cdbdb876d796a2a71e9a1084a9445405f0824ac96dd9133936a5a805191

Analysis

max time kernel
33s
max time network
47s
platform
windows7_x64
resource
win7-20220812-en
resource tags

arch:x64arch:x86image:win7-20220812-enlocale:en-usos:windows7-x64system
submitted
05/12/2022, 13:38

Target

60b07cdbdb876d796a2a71e9a1084a9445405f0824ac96dd9133936a5a805191.dll
Size

392KB
MD5

06b306b813143dee03123412aabf686b
SHA1

fbd42ff0eb3dfaaef6930f0c622aeec230138664
SHA256

60b07cdbdb876d796a2a71e9a1084a9445405f0824ac96dd9133936a5a805191
SHA512

332771e0623fde63226d87da0574d4796a596754b892398417bf713b392f6f475faec6c335d9ea01e47e784a999b3dd7ebaf4ca569c54f9d859d644edcbe472e
SSDEEP

6144:ZdoSityBcrECwzKPmMOSF1ck5z8QGOvSrgncip/3eL55RYbW:HhOa7Cwve1c4T6rgncm3eMbW

Score

1^/10

Suspicious use of WriteProcessMemory 7 IoCs

description	pid	Process	procid_target
PID 1556 wrote to memory of 1756	1556	rundll32.exe	27
PID 1556 wrote to memory of 1756	1556	rundll32.exe	27
PID 1556 wrote to memory of 1756	1556	rundll32.exe	27
PID 1556 wrote to memory of 1756	1556	rundll32.exe	27
PID 1556 wrote to memory of 1756	1556	rundll32.exe	27
PID 1556 wrote to memory of 1756	1556	rundll32.exe	27
PID 1556 wrote to memory of 1756	1556	rundll32.exe	27

C:\Windows\system32\rundll32.exe
rundll32.exe C:\Users\Admin\AppData\Local\Temp\60b07cdbdb876d796a2a71e9a1084a9445405f0824ac96dd9133936a5a805191.dll,#1
1⤵
- Suspicious use of WriteProcessMemory
PID:1556
- C:\Windows\SysWOW64\rundll32.exe
  rundll32.exe C:\Users\Admin\AppData\Local\Temp\60b07cdbdb876d796a2a71e9a1084a9445405f0824ac96dd9133936a5a805191.dll,#1
  2⤵
  PID:1756

memory/1756-55-0x0000000075CF1000-0x0000000075CF3000-memory.dmp

Filesize
8KB

Download
memory/1756-56-0x000000004A800000-0x000000004A862000-memory.dmp

Filesize
392KB

Download
memory/1756-57-0x000000004A800000-0x000000004A862000-memory.dmp

Filesize
392KB

Download
memory/1756-58-0x000000004A800000-0x000000004A862000-memory.dmp

Filesize
392KB

Download