b61d20973bb38aba090ffb05dccd4fd452e05ea62d7a3cbf39fc3619254245fd

Analysis

max time kernel
41s
max time network
45s
platform
windows7_x64
resource
win7-20220812-en
resource tags

arch:x64arch:x86image:win7-20220812-enlocale:en-usos:windows7-x64system
submitted
06/12/2022, 13:59

Target

b61d20973bb38aba090ffb05dccd4fd452e05ea62d7a3cbf39fc3619254245fd.dll
Size

327KB
MD5

9a5fe92fe0bc7e18817b9d718ad54eb2
SHA1

ac8ac1c12ce822a93802f85b6bb5833f862b60aa
SHA256

b61d20973bb38aba090ffb05dccd4fd452e05ea62d7a3cbf39fc3619254245fd
SHA512

dd3aba287dfd13587c89f0dae84d595def1af10bb04ddee512fd50640b5064f199829ea55af4174ea1da66293b6b285892230341b674a22d9e236698c255cfa5
SSDEEP

6144:b+qTnasXeBCCaVMu2pRbYOWVh5syQ7K82b22VhZlfdWS7wWjJXhS:bVTayeUV2ppYfVh5+2b2EN8V

Score

1^/10

Suspicious use of WriteProcessMemory 7 IoCs

description	pid	Process	procid_target
PID 1752 wrote to memory of 1208	1752	rundll32.exe	28
PID 1752 wrote to memory of 1208	1752	rundll32.exe	28
PID 1752 wrote to memory of 1208	1752	rundll32.exe	28
PID 1752 wrote to memory of 1208	1752	rundll32.exe	28
PID 1752 wrote to memory of 1208	1752	rundll32.exe	28
PID 1752 wrote to memory of 1208	1752	rundll32.exe	28
PID 1752 wrote to memory of 1208	1752	rundll32.exe	28

C:\Windows\system32\rundll32.exe
rundll32.exe C:\Users\Admin\AppData\Local\Temp\b61d20973bb38aba090ffb05dccd4fd452e05ea62d7a3cbf39fc3619254245fd.dll,#1
1⤵
- Suspicious use of WriteProcessMemory
PID:1752
- C:\Windows\SysWOW64\rundll32.exe
  rundll32.exe C:\Users\Admin\AppData\Local\Temp\b61d20973bb38aba090ffb05dccd4fd452e05ea62d7a3cbf39fc3619254245fd.dll,#1
  2⤵
  PID:1208

memory/1208-55-0x0000000076261000-0x0000000076263000-memory.dmp

Filesize
8KB

Download
memory/1208-56-0x0000000010000000-0x00000000100A7000-memory.dmp

Filesize
668KB

Download
memory/1208-57-0x0000000010000000-0x00000000100A7000-memory.dmp

Filesize
668KB

Download
memory/1208-58-0x0000000010000000-0x00000000100A7000-memory.dmp

Filesize
668KB

Download