b357e39b09e6cf007b4543c99a66c4dc032dd85d9a700b8cfe0d32ab77c84d5d

Analysis

max time kernel
68s
max time network
33s
platform
windows7_x64
resource
win7-20221111-en
resource tags

arch:x64arch:x86image:win7-20221111-enlocale:en-usos:windows7-x64system
submitted
06-12-2022 01:58

Target

b357e39b09e6cf007b4543c99a66c4dc032dd85d9a700b8cfe0d32ab77c84d5d.dll
Size

172KB
MD5

670713209a6fa4f212369f468218ed6d
SHA1

1b3e8164d1f38d28453e484f4454684d6bedc0f6
SHA256

b357e39b09e6cf007b4543c99a66c4dc032dd85d9a700b8cfe0d32ab77c84d5d
SHA512

beb11df9bcf50f540eb90a14c40d92d08baddde962385ebefa362302ee8856505ce61981b0a341463dc2922cbbe4075218f3c3802dd77eda976d2776dcf560ad
SSDEEP

3072:Wiu+GZlqkvHTQBdt9dkk5TwjeEl9coQ6qBs0FE5C8:Wt+GPqkHT2dt9dkk5UblW56qBJd8

Score

1^/10

Suspicious use of WriteProcessMemory 7 IoCs

description	pid	Process	procid_target
PID 1212 wrote to memory of 528	1212	rundll32.exe	28
PID 1212 wrote to memory of 528	1212	rundll32.exe	28
PID 1212 wrote to memory of 528	1212	rundll32.exe	28
PID 1212 wrote to memory of 528	1212	rundll32.exe	28
PID 1212 wrote to memory of 528	1212	rundll32.exe	28
PID 1212 wrote to memory of 528	1212	rundll32.exe	28
PID 1212 wrote to memory of 528	1212	rundll32.exe	28

C:\Windows\system32\rundll32.exe
rundll32.exe C:\Users\Admin\AppData\Local\Temp\b357e39b09e6cf007b4543c99a66c4dc032dd85d9a700b8cfe0d32ab77c84d5d.dll,#1
1⤵
- Suspicious use of WriteProcessMemory
PID:1212
- C:\Windows\SysWOW64\rundll32.exe
  rundll32.exe C:\Users\Admin\AppData\Local\Temp\b357e39b09e6cf007b4543c99a66c4dc032dd85d9a700b8cfe0d32ab77c84d5d.dll,#1
  2⤵
  PID:528

memory/528-55-0x0000000074ED1000-0x0000000074ED3000-memory.dmp

Filesize
8KB

Download