d1731db3b0aa0129582e372f289c1cf78b17d6d9a45035cb09638bf8d3b5d933

Analysis

max time kernel
43s
max time network
46s
platform
windows7_x64
resource
win7-20220812-en
resource tags

arch:x64arch:x86image:win7-20220812-enlocale:en-usos:windows7-x64system
submitted
06-12-2022 01:02

Target

d1731db3b0aa0129582e372f289c1cf78b17d6d9a45035cb09638bf8d3b5d933.dll
Size

4KB
MD5

ba7c19106114d27e295c149408678cd0
SHA1

36c92729919313822fb98fb0c9d1f5b38f5ee4d7
SHA256

d1731db3b0aa0129582e372f289c1cf78b17d6d9a45035cb09638bf8d3b5d933
SHA512

9f8e90c261f22f359005033995132d8dc6dd1ee1cd553d56c7f8ca30c45a23cdf7e74f910e3acb05135a8482a136982d9d72cdcc185fe9738990d7c1bd4baaa6
SSDEEP

48:a5zuMqBcq06phM/wwWLSeJY8JTa6Il+LTLBzZwoLK2ZqmfCgbFTRJyfSbVVE/SIv:TRphMzf8T1MrmfCgJyf7/NRHbam

Score

1^/10

Suspicious use of WriteProcessMemory 7 IoCs

description	pid	Process	procid_target
PID 1652 wrote to memory of 1340	1652	rundll32.exe	28
PID 1652 wrote to memory of 1340	1652	rundll32.exe	28
PID 1652 wrote to memory of 1340	1652	rundll32.exe	28
PID 1652 wrote to memory of 1340	1652	rundll32.exe	28
PID 1652 wrote to memory of 1340	1652	rundll32.exe	28
PID 1652 wrote to memory of 1340	1652	rundll32.exe	28
PID 1652 wrote to memory of 1340	1652	rundll32.exe	28

C:\Windows\system32\rundll32.exe
rundll32.exe C:\Users\Admin\AppData\Local\Temp\d1731db3b0aa0129582e372f289c1cf78b17d6d9a45035cb09638bf8d3b5d933.dll,#1
1⤵
- Suspicious use of WriteProcessMemory
PID:1652
- C:\Windows\SysWOW64\rundll32.exe
  rundll32.exe C:\Users\Admin\AppData\Local\Temp\d1731db3b0aa0129582e372f289c1cf78b17d6d9a45035cb09638bf8d3b5d933.dll,#1
  2⤵
  PID:1340

memory/1340-55-0x0000000076041000-0x0000000076043000-memory.dmp

Filesize
8KB

Download