b82c19389beb9599c4a96d958e76d32df8ecb6dcf6772d0fbf9676f0c4cf5859

Analysis

max time kernel
42s
max time network
46s
platform
windows7_x64
resource
win7-20220812-en
resource tags

arch:x64arch:x86image:win7-20220812-enlocale:en-usos:windows7-x64system
submitted
06-12-2022 14:13

Target

b82c19389beb9599c4a96d958e76d32df8ecb6dcf6772d0fbf9676f0c4cf5859.dll
Size

80KB
MD5

b9d09fc3e516e8d4beb67558490ee183
SHA1

9c0befe76dc889b08a3bb868b94897a76a9b6445
SHA256

b82c19389beb9599c4a96d958e76d32df8ecb6dcf6772d0fbf9676f0c4cf5859
SHA512

aee17055516fdad5ebde32aef6dadaae58c244d192ab3fe1a304479b8e817a805dbe221fe9bb1490813ce2bd097ab00573947a92e3d4950a853ea600fb6e2014
SSDEEP

1536:AOXC3b5pzTzQROtYiArcll1fvhOPoFmwuscgkkkB:AOXCDzTsaYiArultvhOQFmwuscgkkkB

Score

1^/10

Suspicious use of WriteProcessMemory 7 IoCs

description	pid	Process	procid_target
PID 816 wrote to memory of 884	816	rundll32.exe	27
PID 816 wrote to memory of 884	816	rundll32.exe	27
PID 816 wrote to memory of 884	816	rundll32.exe	27
PID 816 wrote to memory of 884	816	rundll32.exe	27
PID 816 wrote to memory of 884	816	rundll32.exe	27
PID 816 wrote to memory of 884	816	rundll32.exe	27
PID 816 wrote to memory of 884	816	rundll32.exe	27

C:\Windows\system32\rundll32.exe
rundll32.exe C:\Users\Admin\AppData\Local\Temp\b82c19389beb9599c4a96d958e76d32df8ecb6dcf6772d0fbf9676f0c4cf5859.dll,#1
1⤵
- Suspicious use of WriteProcessMemory
PID:816
- C:\Windows\SysWOW64\rundll32.exe
  rundll32.exe C:\Users\Admin\AppData\Local\Temp\b82c19389beb9599c4a96d958e76d32df8ecb6dcf6772d0fbf9676f0c4cf5859.dll,#1
  2⤵
  PID:884

memory/884-54-0x0000000000000000-mapping.dmp

Download
memory/884-55-0x0000000075DF1000-0x0000000075DF3000-memory.dmp

Filesize
8KB

Download