b34f5dc2021e308d40606987492b8e2d41a628c0ce012fb376c9f0e3da48d68c

Analysis

max time kernel
38s
max time network
34s
platform
windows7_x64
resource
win7-20221111-en
resource tags

arch:x64arch:x86image:win7-20221111-enlocale:en-usos:windows7-x64system
submitted
06/12/2022, 01:58

Target

b34f5dc2021e308d40606987492b8e2d41a628c0ce012fb376c9f0e3da48d68c.dll
Size

118KB
MD5

67559a205b06a4a2cfae190537a6de20
SHA1

877a1e066b4419b41a58fd02f4da4c96d2e850c0
SHA256

b34f5dc2021e308d40606987492b8e2d41a628c0ce012fb376c9f0e3da48d68c
SHA512

d355e30a9dbbc846572a5856caa0b0b84e3b91bbc66ac77fb8bee760f4723bc3acd1434b89987a7d9469aab452a687bcd3a687b5bc801025d092aab722aef584
SSDEEP

3072:+DAX6MA0YlhvNbw9OXRZcRSoLydoPfZYIBUTNo:KAXXilwQZQrLyiPRYIBko

Score

1^/10

Suspicious use of WriteProcessMemory 7 IoCs

description	pid	Process	procid_target
PID 268 wrote to memory of 460	268	rundll32.exe	28
PID 268 wrote to memory of 460	268	rundll32.exe	28
PID 268 wrote to memory of 460	268	rundll32.exe	28
PID 268 wrote to memory of 460	268	rundll32.exe	28
PID 268 wrote to memory of 460	268	rundll32.exe	28
PID 268 wrote to memory of 460	268	rundll32.exe	28
PID 268 wrote to memory of 460	268	rundll32.exe	28

C:\Windows\system32\rundll32.exe
rundll32.exe C:\Users\Admin\AppData\Local\Temp\b34f5dc2021e308d40606987492b8e2d41a628c0ce012fb376c9f0e3da48d68c.dll,#1
1⤵
- Suspicious use of WriteProcessMemory
PID:268
- C:\Windows\SysWOW64\rundll32.exe
  rundll32.exe C:\Users\Admin\AppData\Local\Temp\b34f5dc2021e308d40606987492b8e2d41a628c0ce012fb376c9f0e3da48d68c.dll,#1
  2⤵
  PID:460

memory/460-55-0x0000000075F01000-0x0000000075F03000-memory.dmp

Filesize
8KB

Download