10421c6f6c6a47d31ff0ae15e139f7b0cca3531e04459402f20f6c65240bd2a0

Analysis

max time kernel
6s
max time network
30s
platform
windows7_x64
resource
win7-20221111-en
resource tags

arch:x64arch:x86image:win7-20221111-enlocale:en-usos:windows7-x64system
submitted
06-12-2022 01:32

Target

10421c6f6c6a47d31ff0ae15e139f7b0cca3531e04459402f20f6c65240bd2a0.dll
Size

4KB
MD5

7df86ce20c742d4493bca1ef0b8c2910
SHA1

5255478604244df0bec321fc1ef123a0e65de0bf
SHA256

10421c6f6c6a47d31ff0ae15e139f7b0cca3531e04459402f20f6c65240bd2a0
SHA512

71cde95f11700bd2ea4356544f0fe081cec3133c72b6c2ab5cddca81c9d9368d7f991bf004ea012cd3a86c4a377dab89a3ae13241ee3406e10638a8ba076965f
SSDEEP

48:a5zuMqBcq06phM/wwWLSeJY8JTa6Il+Lua+fRteE5xJhyPjny3PNEJdBomrntS7f:TRphMzf810y4vhGy31EJd+mrntSO2

Score

1^/10

Suspicious use of WriteProcessMemory 7 IoCs

description	pid	Process	procid_target
PID 2040 wrote to memory of 1776	2040	rundll32.exe	27
PID 2040 wrote to memory of 1776	2040	rundll32.exe	27
PID 2040 wrote to memory of 1776	2040	rundll32.exe	27
PID 2040 wrote to memory of 1776	2040	rundll32.exe	27
PID 2040 wrote to memory of 1776	2040	rundll32.exe	27
PID 2040 wrote to memory of 1776	2040	rundll32.exe	27
PID 2040 wrote to memory of 1776	2040	rundll32.exe	27

C:\Windows\system32\rundll32.exe
rundll32.exe C:\Users\Admin\AppData\Local\Temp\10421c6f6c6a47d31ff0ae15e139f7b0cca3531e04459402f20f6c65240bd2a0.dll,#1
1⤵
- Suspicious use of WriteProcessMemory
PID:2040
- C:\Windows\SysWOW64\rundll32.exe
  rundll32.exe C:\Users\Admin\AppData\Local\Temp\10421c6f6c6a47d31ff0ae15e139f7b0cca3531e04459402f20f6c65240bd2a0.dll,#1
  2⤵
  PID:1776

memory/1776-55-0x0000000075D61000-0x0000000075D63000-memory.dmp

Filesize
8KB

Download