bf43e1f4104be77b2f5f9e956fa35cacd1fbecd69b531748eca476c45be5868d

Analysis

max time kernel
40s
max time network
33s
platform
windows7_x64
resource
win7-20221111-en
resource tags

arch:x64arch:x86image:win7-20221111-enlocale:en-usos:windows7-x64system
submitted
06/12/2022, 01:06

Target

bf43e1f4104be77b2f5f9e956fa35cacd1fbecd69b531748eca476c45be5868d.dll
Size

6KB
MD5

797e3e947e11ac020ee79e54f99f5490
SHA1

9573c9df498c8ea9e3dcb2da58406dcb08a9bff6
SHA256

bf43e1f4104be77b2f5f9e956fa35cacd1fbecd69b531748eca476c45be5868d
SHA512

98fb7502d865772792126751733e9d6aeabf5db6b6ad82ff44fd33de486d21dbeb2869be01afecf9405314e212d50fc28f95308cd74353272f3fa3c68ee6c3bd
SSDEEP

48:a5zJjO9/2uxBAKtklS4OiklShklSK8klS3klSTIZGTviietylAPwAX1UCqO04iWV:Hxvtj+jhjvj3jcZGOiI9Pm6MBXe7

Score

1^/10

Suspicious use of WriteProcessMemory 7 IoCs

description	pid	Process	procid_target
PID 868 wrote to memory of 1116	868	rundll32.exe	28
PID 868 wrote to memory of 1116	868	rundll32.exe	28
PID 868 wrote to memory of 1116	868	rundll32.exe	28
PID 868 wrote to memory of 1116	868	rundll32.exe	28
PID 868 wrote to memory of 1116	868	rundll32.exe	28
PID 868 wrote to memory of 1116	868	rundll32.exe	28
PID 868 wrote to memory of 1116	868	rundll32.exe	28

C:\Windows\system32\rundll32.exe
rundll32.exe C:\Users\Admin\AppData\Local\Temp\bf43e1f4104be77b2f5f9e956fa35cacd1fbecd69b531748eca476c45be5868d.dll,#1
1⤵
- Suspicious use of WriteProcessMemory
PID:868
- C:\Windows\SysWOW64\rundll32.exe
  rundll32.exe C:\Users\Admin\AppData\Local\Temp\bf43e1f4104be77b2f5f9e956fa35cacd1fbecd69b531748eca476c45be5868d.dll,#1
  2⤵
  PID:1116

memory/1116-55-0x0000000075351000-0x0000000075353000-memory.dmp

Filesize
8KB

Download