b16ae087bf5f93848c24d3395cc755e8a86c9d20db5e5849a0054e7652982593

Analysis

max time kernel
33s
max time network
42s
platform
windows7_x64
resource
win7-20220812-en
resource tags

arch:x64arch:x86image:win7-20220812-enlocale:en-usos:windows7-x64system
submitted
06/12/2022, 20:27

Target

b16ae087bf5f93848c24d3395cc755e8a86c9d20db5e5849a0054e7652982593.dll
Size

66KB
MD5

168ebbc46580c7f6784880d539dde570
SHA1

b49f0527bb38922fc945b46c814a76f3a2e30c60
SHA256

b16ae087bf5f93848c24d3395cc755e8a86c9d20db5e5849a0054e7652982593
SHA512

15508f3e06aaf688ea1e7e6634d60a9b88114c15450410cb15be3ffc3bea63e48db7314b1fec13d2dd2ca0c55efe6dbec6acf3feb49fdbdc4ff8f5929e0f687f
SSDEEP

1536:f+w0fZDm4+pIHBKDRrK0sSSLxXfQ6Q4Av+ro4GH9:f+3xcOgrfsNLC662o4Gd

Score

1^/10

Suspicious use of WriteProcessMemory 7 IoCs

description	pid	Process	procid_target
PID 1348 wrote to memory of 1368	1348	rundll32.exe	26
PID 1348 wrote to memory of 1368	1348	rundll32.exe	26
PID 1348 wrote to memory of 1368	1348	rundll32.exe	26
PID 1348 wrote to memory of 1368	1348	rundll32.exe	26
PID 1348 wrote to memory of 1368	1348	rundll32.exe	26
PID 1348 wrote to memory of 1368	1348	rundll32.exe	26
PID 1348 wrote to memory of 1368	1348	rundll32.exe	26

C:\Windows\system32\rundll32.exe
rundll32.exe C:\Users\Admin\AppData\Local\Temp\b16ae087bf5f93848c24d3395cc755e8a86c9d20db5e5849a0054e7652982593.dll,#1
1⤵
- Suspicious use of WriteProcessMemory
PID:1348
- C:\Windows\SysWOW64\rundll32.exe
  rundll32.exe C:\Users\Admin\AppData\Local\Temp\b16ae087bf5f93848c24d3395cc755e8a86c9d20db5e5849a0054e7652982593.dll,#1
  2⤵
  PID:1368

memory/1368-55-0x00000000754E1000-0x00000000754E3000-memory.dmp

Filesize
8KB

Download