f9a5065dd4a162bf3a5d91e7521bb89ac2b6379d7e7abe1ad8e70e143289338d

Analysis

max time kernel
6s
max time network
33s
platform
windows7_x64
resource
win7-20221111-en
resource tags

arch:x64arch:x86image:win7-20221111-enlocale:en-usos:windows7-x64system
submitted
06/12/2022, 20:29

Target

f9a5065dd4a162bf3a5d91e7521bb89ac2b6379d7e7abe1ad8e70e143289338d.dll
Size

56KB
MD5

6e72520a70b1b051de58366d1aa236a0
SHA1

97e4c6f1806d621a44d24dddaa2f7e2dbaf81e6e
SHA256

f9a5065dd4a162bf3a5d91e7521bb89ac2b6379d7e7abe1ad8e70e143289338d
SHA512

c60b9d4ea3dbcb821f4a48ff3b42bcdf777df4de3577c2df348f69921a541a7eecfe3573baf36a58977db9edd18776a5b22401f1407bc0310a9a2f9794d8a657
SSDEEP

1536:kjRUjsK3W8jkG3TaBrGqNwa8n0wZkXzt+JSJ91gLV:kF2sK7gG3TaBCqGLrSkc91MV

Score

1^/10

Suspicious use of WriteProcessMemory 7 IoCs

description	pid	Process	procid_target
PID 960 wrote to memory of 1332	960	rundll32.exe	28
PID 960 wrote to memory of 1332	960	rundll32.exe	28
PID 960 wrote to memory of 1332	960	rundll32.exe	28
PID 960 wrote to memory of 1332	960	rundll32.exe	28
PID 960 wrote to memory of 1332	960	rundll32.exe	28
PID 960 wrote to memory of 1332	960	rundll32.exe	28
PID 960 wrote to memory of 1332	960	rundll32.exe	28

C:\Windows\system32\rundll32.exe
rundll32.exe C:\Users\Admin\AppData\Local\Temp\f9a5065dd4a162bf3a5d91e7521bb89ac2b6379d7e7abe1ad8e70e143289338d.dll,#1
1⤵
- Suspicious use of WriteProcessMemory
PID:960
- C:\Windows\SysWOW64\rundll32.exe
  rundll32.exe C:\Users\Admin\AppData\Local\Temp\f9a5065dd4a162bf3a5d91e7521bb89ac2b6379d7e7abe1ad8e70e143289338d.dll,#1
  2⤵
  PID:1332

memory/1332-55-0x0000000075351000-0x0000000075353000-memory.dmp

Filesize
8KB

Download