b169fe4243e4ee1dafd4077eabcfb1dc22715762aad0a24927d8909c03bc4249

Analysis

max time kernel
34s
max time network
39s
platform
windows7_x64
resource
win7-20220812-en
resource tags

arch:x64arch:x86image:win7-20220812-enlocale:en-usos:windows7-x64system
submitted
06-12-2022 02:06

Target

b169fe4243e4ee1dafd4077eabcfb1dc22715762aad0a24927d8909c03bc4249.dll
Size

41KB
MD5

64d714883b108f5e19ebf31d5008fcfe
SHA1

c0c0589a9544c3078e81a266a035c5b5489bccb1
SHA256

b169fe4243e4ee1dafd4077eabcfb1dc22715762aad0a24927d8909c03bc4249
SHA512

a9839e48559b089fd3f22f562d8fd33a8cf27ae31ce8244eb8514e041b8b759739fc3f8c304a740f0052f2f0221de166b1b3ded98cee9d623e128bd6e79db526
SSDEEP

384:yWlbqr/fxQ0M9c9XNFtgHw36jYg2IIC3G974sD/77quBFdAAg+awpJKRkWXypTCv:HqbpQ0nPK6ID3Gj/7Hh2+hP6kWBJRoe

Score

1^/10

Suspicious use of WriteProcessMemory 7 IoCs

description	pid	Process	procid_target
PID 836 wrote to memory of 1960	836	rundll32.exe	27
PID 836 wrote to memory of 1960	836	rundll32.exe	27
PID 836 wrote to memory of 1960	836	rundll32.exe	27
PID 836 wrote to memory of 1960	836	rundll32.exe	27
PID 836 wrote to memory of 1960	836	rundll32.exe	27
PID 836 wrote to memory of 1960	836	rundll32.exe	27
PID 836 wrote to memory of 1960	836	rundll32.exe	27

C:\Windows\system32\rundll32.exe
rundll32.exe C:\Users\Admin\AppData\Local\Temp\b169fe4243e4ee1dafd4077eabcfb1dc22715762aad0a24927d8909c03bc4249.dll,#1
1⤵
- Suspicious use of WriteProcessMemory
PID:836
- C:\Windows\SysWOW64\rundll32.exe
  rundll32.exe C:\Users\Admin\AppData\Local\Temp\b169fe4243e4ee1dafd4077eabcfb1dc22715762aad0a24927d8909c03bc4249.dll,#1
  2⤵
  PID:1960

memory/1960-54-0x0000000000000000-mapping.dmp

Download
memory/1960-55-0x0000000075AD1000-0x0000000075AD3000-memory.dmp

Filesize
8KB

Download