f9425425cb29dfeecf12b8e9f8e68c5cca1a46b33167be4461329efa1b566542

Analysis

max time kernel
47s
max time network
52s
platform
windows7_x64
resource
win7-20220901-en
resource tags

arch:x64arch:x86image:win7-20220901-enlocale:en-usos:windows7-x64system
submitted
06/12/2022, 01:19

Target

f9425425cb29dfeecf12b8e9f8e68c5cca1a46b33167be4461329efa1b566542.dll
Size

59KB
MD5

2b79e96c5a7e5198f061c77a51bae230
SHA1

cd065ad7c6ad97b96e9557f7b5cf96fda61a7ef5
SHA256

f9425425cb29dfeecf12b8e9f8e68c5cca1a46b33167be4461329efa1b566542
SHA512

78ef32cda5b6598bba59ffcc1c791bd58a4f2e1b79b35792ed32fbbe5e544cf8bfa325cd7af8a5d43005b53f9af7076f240e9448115f7520d500e220506957bc
SSDEEP

1536:f+w0fZDm4+AmP29bH+4ioTVBKgb64ES5fXL+gjhKWeOZIrUsp:f+3xcQbHVTMyDLlLe4i

Score

1^/10

Suspicious use of WriteProcessMemory 7 IoCs

description	pid	Process	procid_target
PID 1416 wrote to memory of 1224	1416	rundll32.exe	27
PID 1416 wrote to memory of 1224	1416	rundll32.exe	27
PID 1416 wrote to memory of 1224	1416	rundll32.exe	27
PID 1416 wrote to memory of 1224	1416	rundll32.exe	27
PID 1416 wrote to memory of 1224	1416	rundll32.exe	27
PID 1416 wrote to memory of 1224	1416	rundll32.exe	27
PID 1416 wrote to memory of 1224	1416	rundll32.exe	27

C:\Windows\system32\rundll32.exe
rundll32.exe C:\Users\Admin\AppData\Local\Temp\f9425425cb29dfeecf12b8e9f8e68c5cca1a46b33167be4461329efa1b566542.dll,#1
1⤵
- Suspicious use of WriteProcessMemory
PID:1416
- C:\Windows\SysWOW64\rundll32.exe
  rundll32.exe C:\Users\Admin\AppData\Local\Temp\f9425425cb29dfeecf12b8e9f8e68c5cca1a46b33167be4461329efa1b566542.dll,#1
  2⤵
  PID:1224

memory/1224-55-0x0000000074DC1000-0x0000000074DC3000-memory.dmp

Filesize
8KB

Download